Skip to content
Percona Documentation
Rate this page
Thanks for your feedback
Thank you! The feedback has been submitted.

Get free database assistance or contact our experts for personalized support.

Get help from Percona

Percona Server for MongoDB 7.0.28-15 and 8.0.17-6 have been released with a fix for CVE-2025-14847: CWE-130

Percona Server for MongoDB 7.0.28-15 and 8.0.17-6 have been released on January 8, 2026.

These releases provide the fix for the security vulnerability CVE-2025-14847: CWE-130, which affects how MongoDB uses zlib compression library. Attackers with network access to mongod or mongos can extract fragments of uninitialized server memory without authentication if zlib compression is enabled, and access sensitive data.

We recommend updating to Percona Server for MongoDB 7.0.28-15 or 8.0.17-6 as soon as possible to ensure your deployments remain secure. Find the update instructions for Percona Server for MongoDB 7.0 and Percona Server for MongoDB 8.0.

If an immediate update is not possible, you can disable zlib compression in configuration or startup parameters.

Learn more about these releases in the release notes of Percona Server for MongoDB 7.0.28-15 and 8.0.17-6.