CVE-2026-4148

High CVSS: 8.7

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.

Vendor

Product

CWE

CWE-416

Yayın Tarihi

2026-03-17 16:16:23

Güncelleme

2026-03-18 14:52:44

Source Identifier

cna@mongodb.com

KEV Date Added

Kategoriler

CWE-416 HIGH 2026

Referanslar

https://jira.mongodb.org/browse/SERVER-119319