BIT-mongodb-2026-8053

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-8053.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-mongodb-2026-8053

Aliases

CVE-2026-8053

Published

2026-05-19T08:53:42.388Z

Modified

2026-05-19T09:30:11.752950892Z

Summary

FlatBSON Duplicate Field Index Drift

Details

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bucket catalog. Under certain conditions this can result in arbitrary code execution.

This issue impacts MongoDB Server v5.0 versions prior to 5.0.33, v6.0 versions prior to 6.0.28, v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / mongodb

Package

Name: mongodb
Purl: pkg:bitnami/mongodb

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

5.0.0

Fixed

5.0.33

Introduced

6.0.0

Fixed

6.0.28

Introduced

7.0.0

Fixed

7.0.34

Introduced

8.0.0

Fixed

8.0.23

Introduced

8.2.0

Fixed

8.2.9

Introduced

8.3.0

Fixed

8.3.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-8053.json"