PT-2026-40552 · Mongodb · Mongodb Server+1

CVE-2026-8202

·

Published

2026-05-13

·

Updated

2026-05-19

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.34 MongoDB Server versions prior to 8.0.23 MongoDB Server versions prior to 8.2.9 MongoDB Server versions prior to 8.3.2
Description An authenticated user with aggregation permissions can cause CPU utilization to reach 100% for an extended period. This occurs when using a large input string and a densely populated chars mask within the aggregation operators $trim, $ltrim, and $rtrim.
Recommendations Update to version 7.0.34 or later. Update to version 8.0.23 or later. Update to version 8.2.9 or later. Update to version 8.3.2 or later. As a temporary workaround, restrict the use of the $trim, $ltrim, and $rtrim operators for users with aggregation permissions.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BIT-MONGODB-2026-8202
CVE-2026-8202

Affected Products

Mongodb Server
Mongodb