Any security concerns or vulnerabilities discovered in one of MongoDB’s products or hosted services can be responsibly disclosed by utilizing one of the methods described in our create a vulnerability report docs page.
While we greatly appreciate community reports regarding security issues, at this time MongoDB does not provide compensation for vulnerability reports.