Security Advisory

CVE-2026-4148

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-17 15:53:57

Last updated 2026-03-18 03:55:44

Assigner mongodb

State PUBLISHED

Description

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.

← Browse all CVEs View on cve.org ↗