MongoDB 7.0.x < 7.0.34 / 8.0.x < 8.0.23 / 8.2.x < 8.2.9 / 8.3.x < 8.3.2 Multiple Vulnerabilities (SERVER-122032 / SERVER-122449)

The version of MongoDB installed on the remote host is 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, or 8.3 prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - An authenticated user can cause excess memory usage via bitwise match expression AST processing of...

BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

Linux Distros Unpatched Vulnerability : CVE-2026-8201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshare...

EUVD-2026-29892

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVE-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB’s Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering the issue requires control over the structure of a client’s FLE-related query. Affected MongoDB Server components and ve...

CVE-2026-8201

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVE-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

MongoDB Server 资源管理错误漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a resource...

PT-2026-40530

Name of the Vulnerable Software and Affected Versions mongocryptd versions prior to 7.0.34 mongocryptd versions prior to 8.0.23 mongocryptd versions prior to 8.2.9 mongocryptd versions prior to 8.3.2 Description A use-after-free issue exists in the Field-Level Encryption FLE query analysis...

Linux Distros Unpatched Vulnerability : CVE-2024-8013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to...

CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

CVE-2024-8013

CVE-2024-8013 stems from a bug in query analysis of certain complex self-referential $lookup subpipelines that can cause literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Impact: if triggered, no documents would be returned or written....

CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

MongoDB mongocryptd和MongoDB Mongo_crypt_v1.so 安全漏洞

MongoDB mongocryptd and MongoDB Mongocryptv1.so are both products of MongoDB, Inc. of the U.S.A. MongoDB mongocryptd is a client-side encryption library.MongoDB Mongocryptv1.so is an auto-encryption shared library used to perform encryption and decryption operations. A security vulnerability exis...