Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-2302
CVE-2026-2302
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.
Published Feb 11, 2026
https://jira.mongodb.org/browse/MONGOID-5919
CVSS Score
Medium
6.9
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
gem
ish_lib_manager
0.0.1
gem
mongoid
0.10.0
gem
mongoid
0.10.1
gem
mongoid
0.10.2
gem
mongoid
0.10.3
gem
mongoid
0.10.4
gem
mongoid
0.10.5
gem
mongoid
0.10.6
gem
mongoid
0.11.0
gem
mongoid
0.11.1
gem
mongoid
0.11.2
gem
mongoid
0.11.3
gem
mongoid
0.11.4
gem
mongoid
0.11.5
gem
mongoid
0.11.6
gem
mongoid
0.11.7
gem
mongoid
0.11.8
gem
mongoid
0.11.9
gem
mongoid
0.12.0
gem
mongoid
0.2.5
gem
mongoid
0.2.6
gem
mongoid
0.2.7
gem
mongoid
0.3.0
gem
mongoid
0.3.1
gem
mongoid
0.3.2
gem
mongoid
0.3.3
gem
mongoid
0.3.4
gem
mongoid
0.4.0
gem
mongoid
0.4.1
gem
mongoid
0.4.2
gem
mongoid
0.4.3
gem
mongoid
0.4.4
gem
mongoid
0.4.5
gem
mongoid
0.4.7
gem
mongoid
0.4.8
gem
mongoid
0.5.0
gem
mongoid
0.5.10
gem
mongoid
0.5.11
gem
mongoid
0.5.1
gem
mongoid
0.5.2
gem
mongoid
0.5.3
gem
mongoid
0.5.4
gem
mongoid
0.5.5
gem
mongoid
0.5.6
gem
mongoid
0.5.7
gem
mongoid
0.5.8
gem
mongoid
0.5.9
gem
mongoid
0.6.0
gem
mongoid
0.6.10
gem
mongoid
0.6.1
1-50 of 362
CVE-2026-2302 | Components Impacted | Sonatype Guide | Sonatype Guide
