The host is installed with MongoDB 3.6 before 3.6.9 or 4.0 before 4.0.3 and is prone to an unexpected status code or return value vulnerability. A flaw is present in the application which fails to handle specially crafted queries with compound indexes affecting QueryPlanner. Successful exploitation can cause denial of service.