CVE-2026-4358

🗓️ 17 Mar 2026 19:00:07Reported by mongodbType

CVE-2026-4358: Authenticated user with write rights can cause double free or use-after-free in slot based execution during hash table spill.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-4358	17 Mar 202619:00	–	attackerkb
Circl	CVE-2026-4358	17 Mar 202619:16	–	circl
CNNVD	MongoDB Server 安全漏洞	17 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-4358 Memory safety issues in slot-based execution hash table spill	17 Mar 202619:00	–	cvelist
EUVD	EUVD-2026-12639	17 Mar 202621:31	–	euvd
MongoDB	Memory safety issues in slot-based execution hash table spill	17 Mar 202619:00	–	mongodb
Tenable Nessus	MongoDB 7.0.x < 7.0.31 / 8.0.x < 8.0.20 / 8.2.x < 8.2.6 / 8.3.0-rc0 Double Free (SERVER-118849)	20 Mar 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-4358	19 Mar 202600:00	–	nessus
NVD	CVE-2026-4358	17 Mar 202620:16	–	nvd
OSV	BIT-MONGODB-2026-4358 Memory safety issues in slot-based execution hash table spill	6 Apr 202607:54	–	osv

NVD

Node

mongodb mongodbRange7.0.0–7.0.31-

mongodb mongodbRange8.0.0–8.0.20-

mongodb mongodbRange8.2.0–8.2.6-

[
  {
    "vendor": "MongoDB Inc",
    "product": "MongoDB Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.2",
        "lessThan": "8.2.6",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.0",
        "lessThan": "8.0.20",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.0",
        "lessThan": "7.0.31",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-118849

02 Apr 2026 12:16Current

6Medium risk

Vulners AI Score6

CVSS 3.16.4 - 7.5

CVSS 46.1

EPSS0.00041

SSVC

CWE-415