BIT-mongodb-2026-8199

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-8199.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-mongodb-2026-8199

Aliases

CVE-2026-8199

Published

2026-05-14T08:50:15.045Z

Modified

2026-05-14T09:15:39.464326Z

Summary

Post-auth memory exhaustion via bitwise match expressions

Details

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM.

This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Database specific

{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / mongodb

Package

Name: mongodb
Purl: pkg:bitnami/mongodb

Severity

7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.0.0

Fixed

7.0.34

Introduced

8.0.0

Fixed

8.0.23

Introduced

8.2.0

Fixed

8.2.9

Introduced

8.3.0

Fixed

8.3.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-8199.json"