CVE-2026-8843

Summary

Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryable_encrypted_range" indices.

This issue affects MongoDB Server v7.0 versions prior to 7.0.32, v8.0 versions prior to 8.0.21 and v8.2 versions prior to 8.2.6

Affected Software

VendorProductVersion RangeStatus
MongoDB, Inc.MongoDB Server7.0 < 7.0.32affected
MongoDB, Inc.MongoDB Server8.0 < 8.0.21affected
MongoDB, Inc.MongoDB Server8.2 < 8.2.6affected

Weaknesses

  • CWE-617: CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References