An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bucket catalog. Under certain conditions this can result in arbitrary code execution.
This issue impacts MongoDB Server v5.0 versions prior to 5.0.33, v6.0 versions prior to 6.0.28, v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8053.json",
"cwe_ids": [
"CWE-787"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "5.0"
},
{
"fixed": "5.0.33"
},
{
"introduced": "6.0"
},
{
"fixed": "6.0.28"
},
{
"introduced": "7.0"
},
{
"fixed": "7.0.34"
},
{
"introduced": "8.0"
},
{
"fixed": "8.0.23"
},
{
"introduced": "8.2"
},
{
"fixed": "8.2.9"
},
{
"introduced": "8.3"
},
{
"fixed": "8.3.2"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "mongodb"
}{
"cpe": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.33"
},
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.28"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.34"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.23"
},
{
"introduced": "8.2.0"
},
{
"fixed": "8.2.9"
},
{
"introduced": "8.3.0"
},
{
"fixed": "8.3.2"
}
]
}[
{
"source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "17181056965332531028681155129851284942",
"length": 988.0
},
"id": "CVE-2026-8053-08ad15c4",
"signature_type": "Function",
"target": {
"function": "Obj::search",
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"177361865065735962293648793371738015520",
"56663648429656493573312763376701299105",
"184179022178081026556663717830952869204",
"338093175566202092831974358750630828801"
]
},
"id": "CVE-2026-8053-0d4e9a65",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "160336751880467819348480866775504242950",
"length": 892.0
},
"id": "CVE-2026-8053-0f04c5b1",
"signature_type": "Function",
"target": {
"function": "Obj::search",
"file": "src/mongo/db/timeseries/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "248754881996670566875919044360329754468",
"length": 965.0
},
"id": "CVE-2026-8053-1233fa22",
"signature_type": "Function",
"target": {
"function": "Obj::search",
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"291363120804310266702293571491914596809",
"33869876076183871238703932409763090783"
]
},
"id": "CVE-2026-8053-1b4e3108",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/minmax_test.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "270297972959048534375146415854313031835",
"length": 944.0
},
"id": "CVE-2026-8053-33613fda",
"signature_type": "Function",
"target": {
"function": "Obj::insert",
"file": "src/mongo/db/timeseries/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"65317806234226920521720845331578521082",
"245205739251347437876425597495755876481",
"109749818435937265218130737097210075244",
"247724741587646782412887786320692163933",
"328299337808136919563643867456051799671",
"168020673177810988486900283615589649830",
"170052273858241919648121125823866015059",
"177147919177640274616929074969145590120",
"140861398997613641900615087528359816369",
"294172095836668649572112064188327133592",
"103431700251158212873865689548307615353",
"21787099695343064233815986318428483963",
"157562864901160561707888628653518219141",
"250504151046058816035709411326397744704"
]
},
"id": "CVE-2026-8053-3797dc56",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"292572099948037041716578539154433823516",
"168860491958264251483141325059901754282",
"304117868208266248508117415656816929694",
"179593579132299061605021834936400112936"
]
},
"id": "CVE-2026-8053-3d904649",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "70226459102367042737321538611145560590",
"length": 1050.0
},
"id": "CVE-2026-8053-46a07206",
"signature_type": "Function",
"target": {
"function": "Obj::insert",
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"291363120804310266702293571491914596809",
"33869876076183871238703932409763090783"
]
},
"id": "CVE-2026-8053-55c6a28a",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/minmax_test.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "43553138671068495841916643857804982519",
"length": 579.0
},
"id": "CVE-2026-8053-573b1c19",
"signature_type": "Function",
"target": {
"function": "MeasurementMap::insertOne",
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "235186305860120437080630099775444005722",
"length": 614.0
},
"id": "CVE-2026-8053-75a9fb4a",
"signature_type": "Function",
"target": {
"function": "MeasurementMap::insertOne",
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "284460113755408055723012211659961360780",
"length": 599.0
},
"id": "CVE-2026-8053-7b34e191",
"signature_type": "Function",
"target": {
"function": "MeasurementMap::insertOne",
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "270297972959048534375146415854313031835",
"length": 944.0
},
"id": "CVE-2026-8053-7b679049",
"signature_type": "Function",
"target": {
"function": "Obj::insert",
"file": "src/mongo/db/timeseries/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"65317806234226920521720845331578521082",
"77418424018421380114686688518704574493",
"317515015368777078225808890688114070562",
"326214854906577967442080595487639946461",
"170564889008869462625644256705907275570",
"168020673177810988486900283615589649830",
"170052273858241919648121125823866015059",
"176654919317878522102121072790071726106",
"90432907306522700838350746473018895443",
"126293671504703890019011171480361691948",
"252259150684507875211888142394588007716",
"21787099695343064233815986318428483963",
"157562864901160561707888628653518219141",
"250504151046058816035709411326397744704"
]
},
"id": "CVE-2026-8053-909e5027",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"82238767353991071431199669831837451521",
"300890306331485236451588384619404239581",
"308935776024043591147207180064840803695",
"85991295998006030601466033361333518370",
"55614706098133800451164149469985384943",
"162331398168047555794585314395849693663",
"200666119330124675270758015404354697544",
"16234584190249344675863584327207299864"
]
},
"id": "CVE-2026-8053-97a23cfc",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"291363120804310266702293571491914596809",
"33869876076183871238703932409763090783"
]
},
"id": "CVE-2026-8053-99c363df",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/minmax_test.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "41793835850554501932203498494697985687",
"length": 1051.0
},
"id": "CVE-2026-8053-99c94ad3",
"signature_type": "Function",
"target": {
"function": "Obj::insert",
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"65317806234226920521720845331578521082",
"245205739251347437876425597495755876481",
"109749818435937265218130737097210075244",
"247724741587646782412887786320692163933",
"328299337808136919563643867456051799671",
"168020673177810988486900283615589649830",
"170052273858241919648121125823866015059",
"177147919177640274616929074969145590120",
"140861398997613641900615087528359816369",
"294172095836668649572112064188327133592",
"103431700251158212873865689548307615353",
"21787099695343064233815986318428483963",
"157562864901160561707888628653518219141",
"250504151046058816035709411326397744704"
]
},
"id": "CVE-2026-8053-a00600ff",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/4edd43754038019de8c0d291443994c5c1653998",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"291363120804310266702293571491914596809",
"33869876076183871238703932409763090783"
]
},
"id": "CVE-2026-8053-a67f090e",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/minmax_test.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"220012559814535802246991203699235448665",
"292813745953450357917782590991431684195",
"151782744504930929400284312418396007787"
]
},
"id": "CVE-2026-8053-ac57b75a",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map_test.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"291363120804310266702293571491914596809",
"33869876076183871238703932409763090783"
]
},
"id": "CVE-2026-8053-ae8682c1",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/minmax_test.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"82238767353991071431199669831837451521",
"300890306331485236451588384619404239581",
"308935776024043591147207180064840803695",
"85991295998006030601466033361333518370",
"55614706098133800451164149469985384943",
"162331398168047555794585314395849693663",
"200666119330124675270758015404354697544",
"16234584190249344675863584327207299864"
]
},
"id": "CVE-2026-8053-afc41aa3",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "17181056965332531028681155129851284942",
"length": 988.0
},
"id": "CVE-2026-8053-b20f3e14",
"signature_type": "Function",
"target": {
"function": "Obj::search",
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e55c99fa494dec4e5b859f7f782071e098a9460c",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "160336751880467819348480866775504242950",
"length": 892.0
},
"id": "CVE-2026-8053-b2602762",
"signature_type": "Function",
"target": {
"function": "Obj::search",
"file": "src/mongo/db/timeseries/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"113590516626605239294940485100571288810",
"200762295114800290845951546202029883764",
"268316385711008539282353089121521072588",
"184940241524942480541267925278565633866",
"57908861127480025164680135191487105877",
"22008568524960951903435505329165604572",
"283531283680862789255620472702442978052"
]
},
"id": "CVE-2026-8053-b7e9811b",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map_test.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/c531abff36f228c5ff24735ddf31a23536716ab0",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"189988079331693010828710016868224288344",
"156644622417418443415807260198870532652",
"127287703221177560262489158943077347278",
"238171269685132529499568082580439161603",
"5099464907976194915440695461937409677",
"12579336589641520520804530894688239105",
"9615073687642051710079005079633121505",
"128352877459597030677197941825486183445",
"73863290553960507209707682947063567550",
"191257911512827898256694559820641371502",
"127277178768055444847121840322197792737"
]
},
"id": "CVE-2026-8053-ca202f9e",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/551096db8ad4a951af553de51c5485d5fd91d40d",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "221304163357851772164061278326293544638",
"length": 1066.0
},
"id": "CVE-2026-8053-dd5b676f",
"signature_type": "Function",
"target": {
"function": "Obj::insert",
"file": "src/mongo/db/timeseries/bucket_catalog/flat_bson.cpp"
}
},
{
"source": "https://github.com/mongodb/mongo/commit/e1c5eb1c5d29781674274ced38871c117967302e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57908861127480025164680135191487105877",
"294900069628020547946929005649193023516",
"229520935428280588577774129365411870335"
]
},
"id": "CVE-2026-8053-f17ae54c",
"signature_type": "Line",
"target": {
"file": "src/mongo/db/timeseries/bucket_catalog/measurement_map_test.cpp"
}
}
]
"2026-07-15T17:34:37Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8053.json"