Skip to content
Percona Software for MongoDB Documentation

Rate this page
Thanks for your feedback
Thank you! The feedback has been submitted.

Get free database assistance or contact our experts for personalized support.

Get help from Percona

Percona Server for MongoDB 8.0.19-7 (2026-02-19)

Install Upgrade from MongoDB Community

Percona Server for MongoDB 8.0.19-7 is an enhanced, source-available, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB Community Edition.

Percona Server for MongoDB 8.0.19-7 includes the improvements and bug fixes from:

Percona Server for MongoDB 8.0.19-7 supports protocols and drivers of MongoDB Community 8.0.18 and 8.0.19.

New feature

  • PSMDB-1893: Disable specific FTDC metric groups

    Percona Server for MongoDB now permits administrators to disable specific diagnostic metric groups via two new server parameters:

    • diagnosticDataCollectionEnableSystemMetricsDisks

      • Enables or disables collection of disk-level statistics.
      • Type: Boolean (true/false)
      • Default: true (enabled)
      • Scope: Startup; runtime configurable via setParameter

    • diagnosticDataCollectionEnableSystemMetricsMounts

      • Enables or disables collection of mount-level statistics.
      • Type: Boolean (true/false)
      • Default: true (enabled)
      • Scope: Startup; runtime configurable via setParameter

    Database administrators can avoid delays in diagnostics caused by unstable or unresponsive mount points in NFS, FUSE, or autofs environments by excluding certain problematic groups like systemMetrics, serverStatus.connections, and replSetGetStatus. This way, the Full Time Diagnostic Data Capture (FTDC) can still deliver important insights into database performance, such as query efficiency and replication, without being hindered by system-level issues.

Ready to explore this topic further? Check out our in-depth documentation.

Security updates: CVE fixes from upstream MongoDB

This release includes upstream MongoDB security fixes for the following vulnerabilities:

High severity

  • SERVER-116210 (CVE-2026-25611): Fixed an issue where a series of specifically crafted, unauthenticated messages could exhaust available system memory, leading to a server crash.

  • SERVER-114838 (CVE-2026-25612): Resolved a bug in the internal locking mechanism where specific resource encodings could cause unintended collisions between collections. This could lead to resource unavailability due to conflicting locks.

  • SERVER-113685 (CVE-2026-25613): Fixed a vulnerability where an authorized user could crash the server by querying a collection containing an invalid compound wildcard index.

  • SERVER-102364 (CVE-2026-1849): Addressed an Out-Of-Memory (OOM) failure during the evaluation of expressions that produce deeply nested documents. The server now properly validates recursion depth to prevent unchecked memory consumption.

  • SERVER-114126 (CVE-2026-1850): Fixed an issue where complex boolean expression simplifications within the Query Planner by an authorized user could lead to excessive memory usage and an OOM crash.

  • SERVER-99119 (CVE-2026-25610): Resolved a vulnerability where an authorized user could trigger a server crash by executing a $geoNear aggregation pipeline with specific invalid index hints.

  • SERVER-114695 (CVE-2026-1848): Resolved a vulnerability where connections received on the proxy port (pending proxy protocol headers) were excluded from the maxConns limit. This flaw exposed the server to resource exhaustion and OOM (Out-of-Memory) crashes during high-traffic bursts.

  • SERVER-113532 (CVE-2026-1847): Resolved an issue where inserting specific large documents could prevent secondaries from fetching the oplog from the primary. This could stall replication and potentially lead to node instability.

Medium severity

  • SERVER-112952 (CVE-2026-25609): Corrected an issue where improper validation of the profile command caused requests altering the filter to be incorrectly treated as read-only.

Affected versions

These vulnerabilities affect the following versions of MongoDB Community Edition and Percona Server for MongoDB:

  • All Percona Server for MongoDB 8.0.x versions
  • MongoDB Community 8.0 versions prior to 8.0.18

These issues are fixed in the upstream MongoDB 8.0 patch line and are included in Percona Server for MongoDB 8.0.19-7. We strongly recommend upgrading to 8.0.19-7 to ensure your deployments include the latest security fixes.

Tools packaged with this release

Percona Server for MongoDB packages the following MongoDB tools:

Bugs fixed

  • PSMDB-1922: Resolved an issue where the auditGetOptions command could be executed by users with any privilege level. Access is now strictly restricted to users with admin privileges, aligning its security requirements with the getParameter command to prevent unauthorized access to audit configuration options.