CVE-2026-8336

7.5 HIGH

Published: 2026-05-13 · Last updated: 2026-05-18

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416

Affected products

Vendor: mongodb
Product: mongodb

Description

After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine (through $where, $function, mapreduce reduce stage, etc.) is used also in a specific way, resulting in a post-authentication denial-of-service. This issue impacts MongoDB Server v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Source: NVD

Related CVEs

Same vendor

  • CVE-2026-8202 Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenti... (4.3 MEDIUM)
  • CVE-2026-8200 When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log mes... (2.7 LOW)
  • CVE-2026-8053 An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger... (8.8 HIGH)

Same CWE

  • CVE-2026-53462 ImageMagick is free and open-source software used for editing and manipulating digital images (5.9 MEDIUM)
  • CVE-2026-46523 ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
  • CVE-2026-52757 Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable me... (4.4 MEDIUM)
  • CVE-2026-49496 Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when... (6.1 MEDIUM)
  • CVE-2026-45782 Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads