[CLSA-2026:1783702753] Fix CVE(s): CVE-2026-6915
Type:
security
Severity:
Moderate
Release date:
2026-07-10 16:59:31 UTC
Description:
* SECURITY UPDATE: Missing authorization check when updating a user's authentication mechanisms - debian/patches/CVE-2026-6915.patch: Require changePassword (or changeOwnPassword for self) authorization before allowing the mechanisms field to be updated in checkAuthForTypedCommand for the updateUser command - CVE-2026-6915
CVEs fixed:
Updated packages:
  • mongodb6_6.0.26-1+tuxcare.els13_amd64.deb
    sha:35e5bf1e90850e503e633286db9ca8434d51a3b0
  • mongodb6-mongos_6.0.26-1+tuxcare.els13_amd64.deb
    sha:6925f33859a6283371b0a12903a4ab76b4f6dec7
  • mongodb6-server_6.0.26-1+tuxcare.els13_amd64.deb
    sha:83fcf60c8d6ad4963c715545d54910ce9a2465e1
  • mongodb6-shell_6.0.26-1+tuxcare.els13_amd64.deb
    sha:9e3dff8da4a5c47f1e4902e433e4c00d0a383860
  • mongodb6_6.0.26-1+tuxcare.els13_arm64.deb
    sha:15c830962cbe964f48704274a12d061d2745de83
  • mongodb6-mongos_6.0.26-1+tuxcare.els13_arm64.deb
    sha:cecd4e2b878ca401bbc8d3e2d7acd8119969cc5d
  • mongodb6-server_6.0.26-1+tuxcare.els13_arm64.deb
    sha:fa4e18f4aef0002167a6b8c8b707b4193190fdc0
  • mongodb6-shell_6.0.26-1+tuxcare.els13_arm64.deb
    sha:26fbf27ea291ad74678a1eac2f3cdb3f05ac415f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.