CVE-2026-8199
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM.
This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MongoDB, Inc. | MongoDB Server | 7.0 < 7.0.34 | affected |
| MongoDB, Inc. | MongoDB Server | 8.0 < 8.0.23 | affected |
| MongoDB, Inc. | MongoDB Server | 8.2 < 8.2.9 | affected |
| MongoDB, Inc. | MongoDB Server | 8.3 < 8.3.2 | affected |
Weaknesses
- CWE-1325: CWE-1325: Improperly Controlled Sequential Memory Allocation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.