CVE-2026-31827: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Blue-B Alienbin
Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL (e.g., 30 seconds), the TTL index is recreated with expireAfterSeconds: 30 for all documents in the collection. This causes User A's paste (originally set to 7 days) to be deleted after 30 seconds. An attacker can intentionally delete all existing pastes by repeatedly submitting pastes with ttlOption=30s.
AI Analysis
Technical Summary
Alienbin is an anonymous code and text sharing web service developed by Blue-B. In versions 1.0.0 and earlier, the /save endpoint in the server.js file manages the MongoDB TTL (Time To Live) index on the post collection by dropping and recreating it every time a new paste is submitted. This design flaw introduces a race condition vulnerability (CWE-362) where the TTL index's expireAfterSeconds value is globally reset based on the TTL of the most recent paste submission. For example, if User B submits a paste with a TTL of 30 seconds, the TTL index is recreated with expireAfterSeconds set to 30 seconds for the entire collection. Consequently, User A's paste, which might have been intended to persist for 7 days, will now expire and be deleted after only 30 seconds. An attacker can exploit this by repeatedly submitting pastes with very short TTL values, causing all existing pastes to be prematurely deleted. This vulnerability impacts data availability and integrity by allowing unauthorized mass deletion of stored pastes. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on availability. No patches or fixes are currently linked, and no known exploits have been observed in the wild as of the publication date.
Potential Impact
The primary impact of CVE-2026-31827 is on data availability and integrity within the Alienbin service. Attackers can cause mass deletion of stored pastes by manipulating the TTL index, leading to loss of user-submitted content. For organizations relying on Alienbin for anonymous code or text sharing, this could disrupt collaboration, cause data loss, and damage user trust. Since the vulnerability can be exploited remotely without authentication or user interaction, it poses a significant risk of denial-of-service-like conditions where legitimate data is deleted prematurely. This could also be leveraged in targeted attacks to erase specific users' data or disrupt services that depend on persistent pastes. The vulnerability does not directly impact confidentiality but undermines the reliability and availability of the service. Given the ease of exploitation and the global accessibility of the service, the threat could affect a broad range of users and organizations worldwide.
Mitigation Recommendations
To mitigate CVE-2026-31827, organizations using Alienbin should implement the following specific measures:
1) Avoid dropping and recreating the MongoDB TTL index on the entire collection for each new paste submission. Instead, create a single TTL index with a fixed expireAfterSeconds value and manage per-document expiration using a dedicated field with MongoDB's TTL feature.
2) Implement application-level logic to set individual document expiration times without altering the global TTL index.
3) Restrict the ability to submit pastes with extremely short TTL values by enforcing minimum TTL thresholds or validating TTL inputs server-side.
4) Monitor and rate-limit paste submissions to prevent abuse through rapid repeated submissions that could trigger mass deletions.
5) Upgrade to a patched version of Alienbin once available or apply custom patches to fix the index recreation logic.
6) Regularly back up the paste collection to enable recovery from unintended deletions.
7) Audit and log paste submissions and TTL index changes to detect suspicious activity.
These targeted mitigations address the root cause of the race condition and minimize the risk of exploitation.
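Measures 1 to 3 sketched as an added example (not Alienbin's code): a TTL index created once with expireAfterSeconds: 0 on a per-document expiry date, an allowlisted ttlOption, and a small model of the TTL rule comparing the shared-index design with the per-document one. The field names expiresAt and createdAt, the '1h' option, and all function names are assumptions; posts stands for a MongoDB Node.js driver collection.

```javascript
// Added example, not Alienbin's code. TTL_OPTIONS, the expiresAt/createdAt
// fields and all function names are assumptions made for illustration.

// Server-side allowlist of lifetimes in seconds; unknown options are rejected.
const TTL_OPTIONS = Object.freeze({ '30s': 30, '1h': 3600, '7d': 7 * 86400 });

function parseTtl(ttlOption) {
  if (!Object.prototype.hasOwnProperty.call(TTL_OPTIONS, ttlOption)) {
    throw new RangeError('unsupported ttlOption');
  }
  return TTL_OPTIONS[ttlOption];
}

// Call once at startup, never from the /save handler. With expireAfterSeconds: 0
// MongoDB removes each document once the date in its own expiresAt has passed.
async function ensureTtlIndex(posts) {
  return posts.createIndex({ expiresAt: 1 }, { expireAfterSeconds: 0 });
}

// The lifetime is stored in the document, so one paste cannot change another's.
function buildPost(content, ttlOption, now = new Date()) {
  const expiresAt = new Date(now.getTime() + parseTtl(ttlOption) * 1000);
  return { content, createdAt: now, expiresAt };
}

async function savePost(posts, content, ttlOption, now = new Date()) {
  const doc = buildPost(content, ttlOption, now);
  await posts.insertOne(doc); // no dropIndex/createIndex in the request path
  return doc;
}

// Model of the TTL monitor rule: a document is removed once
// doc[field] + expireAfterSeconds <= now. Returns the documents still present.
function survivors(docs, index, now) {
  const limit = index.expireAfterSeconds * 1000;
  return docs.filter((d) => d[index.field].getTime() + limit > now.getTime());
}

// Constructed scenario from the advisory: A saves with 7d, B saves with 30s,
// then 60 seconds pass. Compares the shared index with the per-document one.
function compareDesigns() {
  const t0 = new Date('2026-01-01T00:00:00Z');
  const docs = [buildPost('A', '7d', t0), buildPost('B', '30s', t0)];
  const later = new Date(t0.getTime() + 60 * 1000);
  const shared = { field: 'createdAt', expireAfterSeconds: parseTtl('30s') }; // reset by B
  const perDoc = { field: 'expiresAt', expireAfterSeconds: 0 };
  const names = (idx) => survivors(docs, idx, later).map((d) => d.content);
  return { vulnerable: names(shared), fixed: names(perDoc) };
}
```

With the shared index both pastes are gone after 60 seconds; with the per-document expiry only B's 30-second paste is removed.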
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-09T17:41:56.077Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69b194fa2f860ef943342476
Added to database: 3/11/2026, 4:14:50 PM
Last enriched: 3/11/2026, 4:29:06 PM
Last updated: 4/25/2026, 1:53:45 AM