CVE-2026-8200

2.7 LOW

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log mes...

Published: 2026-05-13 · Last updated: 2026-05-18

Severity and scoring

CVSS: 2.7 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-532

Affected products

Vendor	Product
mongodb	mongodb

Description

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8200
[Vendor advisory]https://jira.mongodb.org/browse/SERVER-121895

Related CVEs

Same vendor

CVE-2026-8336 — After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, a... (7.5 HIGH)
CVE-2026-8202 — Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenti... (4.3 MEDIUM)
CVE-2026-8053 — An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger... (8.8 HIGH)

Same CWE

CVE-2026-0267 — An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured p...
CVE-2026-9751 — The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p... (5.5 MEDIUM)
CVE-2026-9735 — MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication (5.5 MEDIUM)
CVE-2026-45581 — fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)
CVE-2026-50205 — System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data (8.2 HIGH)