PT-2026-40530 · Mongodb · Mongocryptd+1
Published
2026-05-13
·
Updated
2026-05-14
·
CVE-2026-8201
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
mongocryptd versions prior to 7.0.34
mongocryptd versions prior to 8.0.23
mongocryptd versions prior to 8.2.9
mongocryptd versions prior to 8.3.2
Description
A use-after-free issue exists in the Field-Level Encryption (FLE) query analysis component, affecting client-side uses of
mongocryptd and crypt shared. A use-after-free occurs when a program continues to use a pointer after it has been freed, which can lead to crashes or arbitrary code execution. This issue can be triggered if an attacker has control over the structure of a client's FLE-related query.Recommendations
Update to version 7.0.34 or later.
Update to version 8.0.23 or later.
Update to version 8.2.9 or later.
Update to version 8.3.2 or later.
Exploit
Fix
DoS
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb
Mongocryptd