CVE-2026-8053

Source
https://cve.org/CVERecord?id=CVE-2026-8053
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8053.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8053
Aliases
Downstream
Published
2026-05-12T23:59:43.448Z
Modified
2026-07-15T17:34:37.445127Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
FlatBSON Duplicate Field Index Drift
Details

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bucket catalog. Under certain conditions this can result in arbitrary code execution.

This issue impacts MongoDB Server v5.0 versions prior to 5.0.33, v6.0 versions prior to 6.0.28, v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8053.json",
    "cwe_ids": [
        "CWE-787"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "5.0"
                },
                {
                    "fixed": "5.0.33"
                },
                {
                    "introduced": "6.0"
                },
                {
                    "fixed": "6.0.28"
                },
                {
                    "introduced": "7.0"
                },
                {
                    "fixed": "7.0.34"
                },
                {
                    "introduced": "8.0"
                },
                {
                    "fixed": "8.0.23"
                },
                {
                    "introduced": "8.2"
                },
                {
                    "fixed": "8.2.9"
                },
                {
                    "introduced": "8.3"
                },
                {
                    "fixed": "8.3.2"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "mongodb"
}
References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Database specific
{
    "cpe": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.33"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.28"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.34"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.0.23"
        },
        {
            "introduced": "8.2.0"
        },
        {
            "fixed": "8.2.9"
        },
        {
            "introduced": "8.3.0"
        },
        {
            "fixed": "8.3.2"
        }
    ]
}

Affected versions

r5.*
r5.0.0
r5.0.1
r5.0.1-rc0
r5.0.10
r5.0.10-rc0
r5.0.11
r5.0.11-rc0
r5.0.11-rc1
r5.0.12
r5.0.12-rc0
r5.0.13
r5.0.13-rc0
r5.0.14
r5.0.14-rc0
r5.0.15
r5.0.15-rc0
r5.0.15-rc1
r5.0.15-rc2
r5.0.16
r5.0.16-rc0
r5.0.17
r5.0.17-rc0
r5.0.18
r5.0.18-rc0
r5.0.18-rc1
r5.0.18-rc2
r5.0.19
r5.0.19-rc0
r5.0.2
r5.0.2-rc0
r5.0.20
r5.0.20-rc0
r5.0.20-rc1
r5.0.21
r5.0.21-rc0
r5.0.22
r5.0.22-rc0
r5.0.22-rc1
r5.0.23
r5.0.23-rc0
r5.0.24
r5.0.24-rc0
r5.0.25
r5.0.25-rc0
r5.0.26
r5.0.26-rc0
r5.0.27
r5.0.27-rc0
r5.0.28
r5.0.28-rc0
r5.0.29
r5.0.29-rc0
r5.0.3
r5.0.3-rc0
r5.0.3-rc1
r5.0.3-rc2
r5.0.30
r5.0.31
r5.0.31-rc0
r5.0.31-rc1
r5.0.32
r5.0.4
r5.0.4-rc0
r5.0.5
r5.0.5-rc0
r5.0.6
r5.0.6-rc0
r5.0.6-rc1
r5.0.6-rc2
r5.0.7
r5.0.7-rc0
r5.0.7-rc1
r5.0.8
r5.0.8-rc0
r5.0.9
r5.0.9-rc0
r5.0.9-rc1
r6.*
r6.0.0
r6.0.1
r6.0.1-rc0
r6.0.10
r6.0.10-rc0
r6.0.11
r6.0.11-rc0
r6.0.12
r6.0.12-rc0
r6.0.12-rc1
r6.0.13
r6.0.13-rc0
r6.0.14
r6.0.14-rc0
r6.0.14-rc1
r6.0.15
r6.0.15-rc0
r6.0.16
r6.0.16-rc0
r6.0.17
r6.0.17-rc0
r6.0.18
r6.0.18-rc0
r6.0.19
r6.0.2
r6.0.2-rc0
r6.0.2-rc1
r6.0.20
r6.0.20-rc0
r6.0.20-rc1
r6.0.20-rc2
r6.0.20-rc3
r6.0.21
r6.0.24
r6.0.24-alpha0
r6.0.24-rc0
r6.0.25
r6.0.25-rc0
r6.0.26
r6.0.26-rc0
r6.0.27
r6.0.3
r6.0.3-rc0
r6.0.3-rc1
r6.0.3-rc2
r6.0.4
r6.0.4-rc0
r6.0.4-rc1
r6.0.5
r6.0.5-rc0
r6.0.5-rc1
r6.0.6
r6.0.6-rc0
r6.0.6-rc1
r6.0.7
r6.0.7-rc0
r6.0.8
r6.0.8-rc0
r6.0.9
r6.0.9-rc0
r6.0.9-rc1
r7.*
r7.0.0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.16
r7.0.16-rc0
r7.0.16-rc1
r7.0.17
r7.0.18
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.21
r7.0.21-alpha0
r7.0.21-rc0
r7.0.22
r7.0.22-rc0
r7.0.23
r7.0.23-rc0
r7.0.23-rc1
r7.0.24
r7.0.24-rc0
r7.0.25-alpha0
r7.0.26
r7.0.26-rc0
r7.0.27
r7.0.27-alpha0
r7.0.27-rc0
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
r8.*
r8.0.0
r8.0.1
r8.0.1-rc0
r8.0.10
r8.0.10-rc0
r8.0.12
r8.0.12-rc0
r8.0.13
r8.0.13-rc0
r8.0.13-rc1
r8.0.13-rc2
r8.0.14
r8.0.14-rc0
r8.0.14-rc1
r8.0.16
r8.0.16-rc0
r8.0.16-rc1
r8.0.17-alpha0
r8.0.2
r8.0.3
r8.0.4
r8.0.4-rc0
r8.0.5
r8.0.5-rc0
r8.0.5-rc1
r8.0.5-rc2
r8.0.6
r8.2.0
r8.2.1
r8.2.1-rc0
r8.2.1-rc1
r8.2.2
r8.2.2-rc0
r8.2.3-alpha0
r8.2.4-alpha0
r8.2.4-alpha1
r8.3.0
r8.3.1

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "17181056965332531028681155129851284942",
            "length": 988.0
        },
        "id": "CVE-2026-8053-08ad15c4",
        "signature_type": "Function",
        "target": {
            "function": "Obj::search",
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "177361865065735962293648793371738015520",
                "56663648429656493573312763376701299105",
                "184179022178081026556663717830952869204",
                "338093175566202092831974358750630828801"
            ]
        },
        "id": "CVE-2026-8053-0d4e9a65",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "160336751880467819348480866775504242950",
            "length": 892.0
        },
        "id": "CVE-2026-8053-0f04c5b1",
        "signature_type": "Function",
        "target": {
            "function": "Obj::search",
            "file": "src/mongo/db/timeseries/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "248754881996670566875919044360329754468",
            "length": 965.0
        },
        "id": "CVE-2026-8053-1233fa22",
        "signature_type": "Function",
        "target": {
            "function": "Obj::search",
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "291363120804310266702293571491914596809",
                "33869876076183871238703932409763090783"
            ]
        },
        "id": "CVE-2026-8053-1b4e3108",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/minmax_test.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "270297972959048534375146415854313031835",
            "length": 944.0
        },
        "id": "CVE-2026-8053-33613fda",
        "signature_type": "Function",
        "target": {
            "function": "Obj::insert",
            "file": "src/mongo/db/timeseries/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "65317806234226920521720845331578521082",
                "245205739251347437876425597495755876481",
                "109749818435937265218130737097210075244",
                "247724741587646782412887786320692163933",
                "328299337808136919563643867456051799671",
                "168020673177810988486900283615589649830",
                "170052273858241919648121125823866015059",
                "177147919177640274616929074969145590120",
                "140861398997613641900615087528359816369",
                "294172095836668649572112064188327133592",
                "103431700251158212873865689548307615353",
                "21787099695343064233815986318428483963",
                "157562864901160561707888628653518219141",
                "250504151046058816035709411326397744704"
            ]
        },
        "id": "CVE-2026-8053-3797dc56",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "292572099948037041716578539154433823516",
                "168860491958264251483141325059901754282",
                "304117868208266248508117415656816929694",
                "179593579132299061605021834936400112936"
            ]
        },
        "id": "CVE-2026-8053-3d904649",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "70226459102367042737321538611145560590",
            "length": 1050.0
        },
        "id": "CVE-2026-8053-46a07206",
        "signature_type": "Function",
        "target": {
            "function": "Obj::insert",
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "291363120804310266702293571491914596809",
                "33869876076183871238703932409763090783"
            ]
        },
        "id": "CVE-2026-8053-55c6a28a",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/minmax_test.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "43553138671068495841916643857804982519",
            "length": 579.0
        },
        "id": "CVE-2026-8053-573b1c19",
        "signature_type": "Function",
        "target": {
            "function": "MeasurementMap::insertOne",
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "235186305860120437080630099775444005722",
            "length": 614.0
        },
        "id": "CVE-2026-8053-75a9fb4a",
        "signature_type": "Function",
        "target": {
            "function": "MeasurementMap::insertOne",
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "284460113755408055723012211659961360780",
            "length": 599.0
        },
        "id": "CVE-2026-8053-7b34e191",
        "signature_type": "Function",
        "target": {
            "function": "MeasurementMap::insertOne",
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "270297972959048534375146415854313031835",
            "length": 944.0
        },
        "id": "CVE-2026-8053-7b679049",
        "signature_type": "Function",
        "target": {
            "function": "Obj::insert",
            "file": "src/mongo/db/timeseries/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "65317806234226920521720845331578521082",
                "77418424018421380114686688518704574493",
                "317515015368777078225808890688114070562",
                "326214854906577967442080595487639946461",
                "170564889008869462625644256705907275570",
                "168020673177810988486900283615589649830",
                "170052273858241919648121125823866015059",
                "176654919317878522102121072790071726106",
                "90432907306522700838350746473018895443",
                "126293671504703890019011171480361691948",
                "252259150684507875211888142394588007716",
                "21787099695343064233815986318428483963",
                "157562864901160561707888628653518219141",
                "250504151046058816035709411326397744704"
            ]
        },
        "id": "CVE-2026-8053-909e5027",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "82238767353991071431199669831837451521",
                "300890306331485236451588384619404239581",
                "308935776024043591147207180064840803695",
                "85991295998006030601466033361333518370",
                "55614706098133800451164149469985384943",
                "162331398168047555794585314395849693663",
                "200666119330124675270758015404354697544",
                "16234584190249344675863584327207299864"
            ]
        },
        "id": "CVE-2026-8053-97a23cfc",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "291363120804310266702293571491914596809",
                "33869876076183871238703932409763090783"
            ]
        },
        "id": "CVE-2026-8053-99c363df",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/minmax_test.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "41793835850554501932203498494697985687",
            "length": 1051.0
        },
        "id": "CVE-2026-8053-99c94ad3",
        "signature_type": "Function",
        "target": {
            "function": "Obj::insert",
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "65317806234226920521720845331578521082",
                "245205739251347437876425597495755876481",
                "109749818435937265218130737097210075244",
                "247724741587646782412887786320692163933",
                "328299337808136919563643867456051799671",
                "168020673177810988486900283615589649830",
                "170052273858241919648121125823866015059",
                "177147919177640274616929074969145590120",
                "140861398997613641900615087528359816369",
                "294172095836668649572112064188327133592",
                "103431700251158212873865689548307615353",
                "21787099695343064233815986318428483963",
                "157562864901160561707888628653518219141",
                "250504151046058816035709411326397744704"
            ]
        },
        "id": "CVE-2026-8053-a00600ff",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "291363120804310266702293571491914596809",
                "33869876076183871238703932409763090783"
            ]
        },
        "id": "CVE-2026-8053-a67f090e",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/minmax_test.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "220012559814535802246991203699235448665",
                "292813745953450357917782590991431684195",
                "151782744504930929400284312418396007787"
            ]
        },
        "id": "CVE-2026-8053-ac57b75a",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map_test.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "291363120804310266702293571491914596809",
                "33869876076183871238703932409763090783"
            ]
        },
        "id": "CVE-2026-8053-ae8682c1",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/minmax_test.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "82238767353991071431199669831837451521",
                "300890306331485236451588384619404239581",
                "308935776024043591147207180064840803695",
                "85991295998006030601466033361333518370",
                "55614706098133800451164149469985384943",
                "162331398168047555794585314395849693663",
                "200666119330124675270758015404354697544",
                "16234584190249344675863584327207299864"
            ]
        },
        "id": "CVE-2026-8053-afc41aa3",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "17181056965332531028681155129851284942",
            "length": 988.0
        },
        "id": "CVE-2026-8053-b20f3e14",
        "signature_type": "Function",
        "target": {
            "function": "Obj::search",
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "160336751880467819348480866775504242950",
            "length": 892.0
        },
        "id": "CVE-2026-8053-b2602762",
        "signature_type": "Function",
        "target": {
            "function": "Obj::search",
            "file": "src/mongo/db/timeseries/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "113590516626605239294940485100571288810",
                "200762295114800290845951546202029883764",
                "268316385711008539282353089121521072588",
                "184940241524942480541267925278565633866",
                "57908861127480025164680135191487105877",
                "22008568524960951903435505329165604572",
                "283531283680862789255620472702442978052"
            ]
        },
        "id": "CVE-2026-8053-b7e9811b",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map_test.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "189988079331693010828710016868224288344",
                "156644622417418443415807260198870532652",
                "127287703221177560262489158943077347278",
                "238171269685132529499568082580439161603",
                "5099464907976194915440695461937409677",
                "12579336589641520520804530894688239105",
                "9615073687642051710079005079633121505",
                "128352877459597030677197941825486183445",
                "73863290553960507209707682947063567550",
                "191257911512827898256694559820641371502",
                "127277178768055444847121840322197792737"
            ]
        },
        "id": "CVE-2026-8053-ca202f9e",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "221304163357851772164061278326293544638",
            "length": 1066.0
        },
        "id": "CVE-2026-8053-dd5b676f",
        "signature_type": "Function",
        "target": {
            "function": "Obj::insert",
            "file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
        }
    },
    {
        "source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "57908861127480025164680135191487105877",
                "294900069628020547946929005649193023516",
                "229520935428280588577774129365411870335"
            ]
        },
        "id": "CVE-2026-8053-f17ae54c",
        "signature_type": "Line",
        "target": {
            "file": "src/mongo/db/timeseries/bucket_catalog/measurement_map_test.cpp"
        }
    }
]
vanir_signatures_modified
"2026-07-15T17:34:37Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8053.json"