6 matches found
CVE-2026-4358
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...
MongoDB 7.0.x < 7.0.31 / 8.0.x < 8.0.20 / 8.2.x < 8.2.6 / 8.3.0-rc0 Double Free (SERVER-118849)
The version of MongoDB installed on the remote host is 7.0 prior to 7.0.31, 8.0 prior to 8.0.20, 8.2 prior to 8.2.6, and 8.3.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-118849 advisory. - A specially crafted aggregation query with $lookup by an authenticated...
EUVD-2026-12639
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...
CVE-2026-4358
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...
UBUNTU-CVE-2026-4358
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...
PT-2026-25937
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A specially crafted aggregation query utilizing the $lookup operator, submitted by an authenticated user possessing write privileges, can lead to a double-free or use-after-free memory issue...