PT-2026-40531 · Mongodb · Mongodb Server+1
Published
2026-05-13
·
Updated
2026-05-19
·
CVE-2026-8336
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MongoDB Server versions prior to 7.0.34
MongoDB Server versions prior to 8.0.23
MongoDB Server versions prior to 8.2.9
MongoDB Server versions prior to 8.3.2
Description
An authenticated user can cause a denial-of-service by crashing mongod. This occurs after invoking
$ internalJsEmit or the map function of the mapreduce command in a specific manner, followed by the use of the server-side JavaScript engine through $where, $function, or the mapreduce reduce stage.Recommendations
Update to version 7.0.34 or later.
Update to version 8.0.23 or later.
Update to version 8.2.9 or later.
Update to version 8.3.2 or later.
Fix
DoS
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb Server
Mongodb