UBUNTU-CVE-2026-8053

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-8053

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8053.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-8053

Upstream

CVE-2026-8053

Published

2026-05-13T04:17:00Z

Modified

2026-05-20T22:03:07.813392418Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bucket catalog. Under certain conditions this can result in arbitrary code execution. This issue impacts MongoDB Server v5.0 versions prior to 5.0.33, v6.0 versions prior to 6.0.28, v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

References

Affected packages

Ubuntu:Pro:14.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.4.6-0ubuntu5

1:2.4.6-0ubuntu6

1:2.4.8-1ubuntu1

1:2.4.8-2

1:2.4.9-1

1:2.4.9-1ubuntu1

1:2.4.9-1ubuntu2

1:2.4.9-1ubuntu2+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:2.4.9-1ubuntu2+esm2"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:2.4.9-1ubuntu2+esm2"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:2.4.9-1ubuntu2+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8053.json"

Ubuntu:Pro:16.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.6.10-0ubuntu1

1:2.6.10-0ubuntu1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:2.6.10-0ubuntu1+esm2"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:2.6.10-0ubuntu1+esm2"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:2.6.10-0ubuntu1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8053.json"

Ubuntu:Pro:18.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.4.7-1

1:3.4.7-1ubuntu1

1:3.4.7-1ubuntu2

1:3.4.7-1ubuntu4

1:3.4.14-3ubuntu1

1:3.4.14-3ubuntu2

1:3.6.3-0ubuntu1

1:3.6.3-0ubuntu1.1

1:3.6.3-0ubuntu1.3

1:3.6.3-0ubuntu1.4

1:3.6.3-0ubuntu1.4+esm1

1:3.6.3-0ubuntu1.4+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm2"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm2"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm2"
        },
        {
            "binary_name": "mongodb-server-core",
            "binary_version": "1:3.6.3-0ubuntu1.4+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8053.json"

Ubuntu:Pro:20.04:LTS / mongodb

Package

Name: mongodb
Purl: pkg:deb/ubuntu/mongodb?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu2

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3

1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mongodb",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1"
        },
        {
            "binary_name": "mongodb-clients",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1"
        },
        {
            "binary_name": "mongodb-server",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1"
        },
        {
            "binary_name": "mongodb-server-core",
            "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-8053.json"