topic Re: MONGODB vulnerability in ZLIB in Splunk Enterprise

MONGODB vulnerability in ZLIB

verbal_666 — Mon, 19 Jan 2026 09:34:51 GMT

Hello.
Recently a critical vulnerability was found in ZLIB of MongoDB.

https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/vulnerability-in-mongodb-product-mongodb-server-leak

Is there a way resolve this internal issue?

Thanks.

Re: MONGODB vulnerability in ZLIB

PickleRick — Mon, 19 Jan 2026 10:25:20 GMT

It will probably be patched in some subsequent release. But the standard disclaimer for all alarm bell ringers applies - verify the scope and exposition surface of your "vulnerabilities". Even if there is an issue with mongodb, normally you shouldn't provide remote access (or even a local one - you don't normally allow users shell access to your Splunk components).

So don't just blindly rush to patch everything just because Nessus or Nexpose flagged something red.

Re: MONGODB vulnerability in ZLIB

verbal_666 — Mon, 19 Jan 2026 11:01:26 GMT

I know it, only SPLUNK instance can access mongodb from localhost only and our SPLUNK it's not exposed outside, only in Intranet.

But my Company wants a solution or a valid explanation to exclude vulnerabilities on the instances 😥

Maybe a formal official SPLUNK communication could help! 😎

Thanks 👍👍👍

Re: MONGODB vulnerability in ZLIB

livehybrid — Mon, 19 Jan 2026 11:12:22 GMT

Hi @verbal_666

Keep an eye on https://advisory.splunk.com/ for any updates regarding this Vuln which will contain details around if/how mitigations should be applied to Splunk.

We are also due a maintenance update to 9.4.x imminently (10.2 was released last week).

Its also worth raising a support case with Splunk directly to discuss this as they may be able to provide additional information under your contract/NDA with them.

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Re: MONGODB vulnerability in ZLIB

verbal_666 — Mon, 19 Jan 2026 11:17:09 GMT

👍👍👍

Re: MONGODB vulnerability in ZLIB

PickleRick — Mon, 19 Jan 2026 11:50:25 GMT

Yes. That's why good vulnerability management process includes actual risk management, not just pure CVSS or whatever magical number the scanner comes up with. The proper behaviour here - for me - would be to create an exception with an explanation of the vulnerability characteristics and "applicability"

Re: MONGODB vulnerability in ZLIB

verbal_666 — Tue, 20 Jan 2026 10:34:02 GMT

Can someone, please, open a case to SPLUNK for official communication?
I get error after sending a NEW CASE

MONGODB Vulnerability CVE-2025-14847 https://www.mongodb.com/company/blog/news/mongodb-server-security-update-december-2025 SPLUNK ENTERPRISE 9.3.X 9.4.X 10.X.X /opt/splunk/bin/splunk cmd mongod -version SECURITY ISSUE

Re: MONGODB vulnerability in ZLIB

PickleRick — Tue, 20 Jan 2026 11:26:27 GMT

If you have an active entitlement and raising support cases gives you error, call your local Splunk sales contact to escalate the issue.

Re: MONGODB vulnerability in ZLIB

verbal_666 — Wed, 04 Feb 2026 07:13:00 GMT

https://advisory.splunk.com/advisories/SVD-2026-0101