New2025 wrap-up: Voyage AI, AMP launch, & customer wins. Plus, 2026 predictions. Read blog >
NewBuild better RAG. Voyage 4 models & Reranking API are now on Atlas. Read blog >
NewIntroducing Automated Embedding: One-click vector search, no external models. Read blog >
Blog home
arrow-left

Log4Shell Vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105) and MongoDB

December 13, 2021 | Updated: December 21, 2021

When MongoDB became aware of the Log4Shell vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105), we began an investigation to determine whether there had been any impact to our products, services or internal systems.

As of December 20, 4pm ET, the following is the status of our investigation:

ProductStatus
MongoDB Atlas SearchUpdate - Dec 18: Confirmed log4j removal from production Environment. Atlas Search is no longer affected. Dec. 17: Patched to log4j v.2.16.0 in response to CVE-2021-45046. Dec. 12: Patched to log4j v.2.15.0 in response to CVE-2021-44228. No evidence of exploitation or indicators of compromise prior to the patches were discovered.
All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts)Not affected
MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators)Not affected
MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators)Not affected
MongoDB DriversNot affected
MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors)Not affected
MongoDB Realm (including Realm Database, Sync, Functions, APIs)Not affected

 

We continue to monitor our system and services for any updates. If you have any questions, please visit the MongoDB Community Forums. If you are a MongoDB Commercial Support subscriber and have questions related to your deployments, please open a support case.

MongoDB Resources
Atlas Learning Hub|Customer Case Studies|AI Learning Hub|Documentation|MongoDB University