Basically, attackers can trick servers with fake compressed data, leaking up to 1MB of sensitive memory (passwords, API keys)—no login needed if zlib is enabled and server is online. Real Attack: Ubisoft’s Rainbow Six Siege servers breached; hackers stole old Git code, hacked and ban mod in online game for laughs, gave each players 2B+ credits (~$339T total). Affected Versions: MongoDB 8.2.0-8.2.2, 8.0.0-8.0.16, 7.0.0-7.0.27 (bug since 2017; so pretty much everything) Fix Immediately: Update to 8.2.3/8.0.17 or disable zlib (use snappy/zstd). PoC exploits are public— Super high risk for exposed servers!
