CVE-2026-4148
EUVD-2026-1258717.03.2026, 16:16
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mongodb | mongodb | 7.0.0 ≤ 𝑥 < 7.0.31 |
| mongodb | mongodb | 8.0.0 ≤ 𝑥 < 8.0.20 |
| mongodb | mongodb | 8.2.0 ≤ 𝑥 < 8.2.6 |
| mongodb | mongodb | 8.3.0:alpha0 |
| mongodb | mongodb | 8.3.0:alpha1 |
| mongodb | mongodb | 8.3.0:alpha2 |
| mongodb | mongodb | 8.3.0:alpha3 |
| mongodb | mongodb | 8.3.0:rc1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration