CVE-2026-2302

Publication date

2026-02-10 18:59:23

Family

mongodb

State

PUBLISHED

Description

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.