Commvault security advisory (AV26-120)
Analysis Summary
# Vulnerability: Commvault MongoBleed Memory Disclosure
## CVE Details
- CVE ID: CVE-2025-14847 (Inferred from associated advisory link, as direct CVE/CVSS details were not fully present in the text)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Commvault Windows
- Versions:
  - 11.32.0 to 11.32.128
  - 11.36.0 to 11.36.89
  - 11.40.0 to 11.40.136
- Configurations: N/A (Implied to affect standard installations of these versions)
## Vulnerability Description
The advisory points to **CV\_2026\_02\_1**, which references **MongoBleed: MongoDB Memory Disclosure Vulnerability**, a flaw in the MongoDB component used by Commvault. This vulnerability potentially allows disclosure of memory contents.
## Exploitation
- Status: Unknown (Requires consulting the linked advisory CV\_2026\_02\_1)
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: High (Memory Disclosure)
- Integrity: N/A
- Availability: N/A
## Remediation
### Patches
Patches are available via updated versions referenced in the Commvault Security Advisories documentation. Users must consult the vendor documentation associated with advisory AV26-120 and the linked advisory (CV\_2026\_02\_1) for specific patched versions.
### Workarounds
No specific workarounds were detailed in the provided summary text. Users should consult the vendor advisories.
## Detection
- Specific Indicators of Compromise (IOCs) are not provided in this summary but are likely detailed in advisory CV\_2026\_02\_1.
- Detection methods require checking component versions against the vulnerable ranges listed above.
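
The version check described above, as an added example (not code from Commvault or from the advisory). It assumes versions are recorded in the `11.<release>.<maintenance>` form used in the ranges listed on this page; the `host,version` inventory format and the sample hosts are constructed for illustration.

```python
import re

# Vulnerable ranges as listed under "Affected Systems" (inclusive bounds).
AFFECTED = {(11, 32): (0, 128), (11, 36): (0, 89), (11, 40): (0, 136)}

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")

def classify(version):
    """Return 'affected', 'above-listed-range', 'release-not-listed' or 'unparseable'."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable"
    # Compare as integers: as strings, "9" would sort above "89".
    major, release, maint = map(int, m.groups())
    bounds = AFFECTED.get((major, release))
    if bounds is None:
        # The page lists no range for this release, so do not report it as safe.
        return "release-not-listed"
    low, high = bounds
    if low <= maint <= high:
        return "affected"
    # Outside the listed range; confirm the fixed version in the vendor advisory.
    return "above-listed-range"

def triage(inventory_text):
    """Parse 'host,version' lines and return {status: [hosts]}."""
    result = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        result.setdefault(classify(version), []).append(host.strip())
    return result

# Constructed sample inventory (hostnames and versions invented for illustration).
SAMPLE = """\
# host,commvault_version
cs-01,11.32.128
ma-02,11.36.90
ma-03,11.40.7
px-04,11.34.12
px-05,11.40
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `release-not-listed` or `unparseable` need manual review against the vendor advisory rather than being treated as unaffected.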
## References
- Vendor Advisories:
  - https://documentation.commvault.com/securityadvisories/CV_2026_02_1.html
  - https://documentation.commvault.com/securityadvisories/