PT-2026-40531 · Mongodb · Mongodb Server+1

Published

2026-05-13

·

Updated

2026-05-19

·

CVE-2026-8336

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.34 MongoDB Server versions prior to 8.0.23 MongoDB Server versions prior to 8.2.9 MongoDB Server versions prior to 8.3.2
Description An authenticated user can cause a denial-of-service by crashing mongod. This occurs after invoking $ internalJsEmit or the map function of the mapreduce command in a specific manner, followed by the use of the server-side JavaScript engine through $where, $function, or the mapreduce reduce stage.
Recommendations Update to version 7.0.34 or later. Update to version 8.0.23 or later. Update to version 8.2.9 or later. Update to version 8.3.2 or later.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-MONGODB-2026-8336
CVE-2026-8336

Affected Products

Mongodb Server
Mongodb