>>This [...] vuln is not a breach or compromise of MongoDB

>IANAL, but this seems like a pretty strong stance to take? Who exactly are you blaming here?

You elide the context that explains it. It's a vulnerability in their MongoDB Server product, not a result of MongoDB the company/services being compromised and secrets leaked.