CVE-2026-4358

Name of the Vulnerable Software and Affected Versions MongoDB (affected versions not specified)

Description A specially crafted aggregation query utilizing the $lookup operator, submitted by an authenticated user possessing write privileges, can lead to a double-free or use-after-free memory issue within the slot-based execution (SBE) engine. This occurs when an in-memory hash table is written to disk. The SBE engine is susceptible to this issue when handling specific aggregation queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.