MongoDB · MongoDB Server · CVE-2024-6375
**Name of the Vulnerable Software and Affected Versions**
MongoDB Server versions prior to 5.0.22
MongoDB Server versions prior to 6.0.11
MongoDB Server versions prior to 7.0.3
**Description**
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading either to degraded query performance or to the disclosure of chunk boundaries through timing side channels.
**Recommendations**
For MongoDB Server versions prior to 5.0.22, update to version 5.0.22 or later.
For MongoDB Server versions prior to 6.0.11, update to version 6.0.11 or later.
For MongoDB Server versions prior to 7.0.3, update to version 7.0.3 or later.