PT-2026-40552 · Mongodb · Mongodb Server+1
CVE-2026-8202
·
Published
2026-05-13
·
Updated
2026-05-19
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
MongoDB Server versions prior to 7.0.34
MongoDB Server versions prior to 8.0.23
MongoDB Server versions prior to 8.2.9
MongoDB Server versions prior to 8.3.2
Description
An authenticated user with aggregation permissions can cause CPU utilization to reach 100% for an extended period. This occurs when using a large input string and a densely populated chars mask within the aggregation operators
$trim, $ltrim, and $rtrim.Recommendations
Update to version 7.0.34 or later.
Update to version 8.0.23 or later.
Update to version 8.2.9 or later.
Update to version 8.3.2 or later.
As a temporary workaround, restrict the use of the
$trim, $ltrim, and $rtrim operators for users with aggregation permissions.Exploit
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb Server
Mongodb