Security Advisory

CVE-2026-4358

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-17 19:00:07

Last updated 2026-03-17 20:08:24

Assigner mongodb

State PUBLISHED

Description

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.

← Browse all CVEs View on cve.org ↗