Security Advisory

CVE-2026-8201

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-13 00:12:35

Last updated 2026-05-13 14:34:27

Assigner mongodb

State PUBLISHED

Description

A use-after-free vulnerability exists in MongoDBs Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a clients FLE-related query. This issue impacts MongoDB Server’s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

← Browse all CVEs View on cve.org ↗