BIT-mongodb-2026-8201

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-8201.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2026-8201
Aliases
  • CVE-2026-8201
Published
2026-05-14T08:50:16.931Z
Modified
2026-05-14T09:15:10.541817Z
Summary
Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields
Details

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query.

This issue impacts MongoDB Server’s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Database specific
{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 6.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected ranges

Type
SEMVER
Events
  • Introduced 7.0.0, Fixed 7.0.34
  • Introduced 8.0.0, Fixed 8.0.23
  • Introduced 8.2.0, Fixed 8.2.9
  • Introduced 8.3.0, Fixed 8.3.2

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-8201.json"