JustAppSec
MEDIUM SeverityCVSS 4.06.1CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:N/SA:N

CVE-2026-8201

Last updated May 13, 2026 · Published May 13, 2026

← Back to list

Description

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Affected products

2 listed
  • MongoDB
  • Inc.:MongoDB Server

Mappings

CWE

CWE-416

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.