Adrian Gonzalez Montemayor

**Name of the Vulnerable Software and Affected Versions** MongoDB Server versions 4.4 through 6.3 MongoDB Server versions 5.0.0 through 5.0.14 **Description** The issue is related to incorrect client certificate validation when the MongoDB Server is configured to use TLS with specific configuration options on Windows or macOS. This potentially allows a client to establish a TLS connection with the server by supplying any certificate. **Recommendations** For MongoDB Server version 4.4, update to a version that includes the fix for this issue. For MongoDB Server version 5.0, update to a version later than 5.0.14. For MongoDB Server version 6.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting TLS connections to only trusted clients until a patch is available. Restrict access to the MongoDB Server to minimize the risk of exploitation.