Arbitrary Cmd Exec via Webhook FreeMarker in MongoDB Ops Manager 7.x & 8.0.22-
CVE-2026-8431 Published on May 12, 2026
Ops Manager RCE via webhook body
An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.
This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.
Vulnerability Analysis
CVE-2026-8431 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2026-8431 has been classified as a Command Injection vulnerability or weakness.
Products Associated with CVE-2026-8431
Affected Versions
MongoDB, Inc. Ops Manager: Version 7.0 and versions below 8.0.23 are affected.