PT-2026-40530 · Mongodb · Mongocryptd+1

Published

2026-05-13

·

Updated

2026-05-14

·

CVE-2026-8201

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions mongocryptd versions prior to 7.0.34 mongocryptd versions prior to 8.0.23 mongocryptd versions prior to 8.2.9 mongocryptd versions prior to 8.3.2
Description A use-after-free issue exists in the Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt shared. A use-after-free occurs when a program continues to use a pointer after it has been freed, which can lead to crashes or arbitrary code execution. This issue can be triggered if an attacker has control over the structure of a client's FLE-related query.
Recommendations Update to version 7.0.34 or later. Update to version 8.0.23 or later. Update to version 8.2.9 or later. Update to version 8.3.2 or later.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-MONGODB-2026-8201
CVE-2026-8201

Affected Products

Mongodb
Mongocryptd