cbcvebase.
CVE-2026-8201
published 2026-05-13

CVE-2026-8201: A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and…

PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.13%
2.9th percentile
A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Affected

8 ranges
VendorProductVersion rangeFixed in
mongodbmongodb>= 7.0.0 < 7.0.347.0.34
mongodbmongodb>= 8.0.0 < 8.0.238.0.23
mongodbmongodb>= 8.2.0 < 8.2.98.2.9
mongodbmongodb>= 8.3.0 < 8.3.28.3.2
mongodb_incmongodb_server>= 7.0 < 7.0.347.0.34
mongodb_incmongodb_server>= 8.0 < 8.0.238.0.23
mongodb_incmongodb_server>= 8.2 < 8.2.98.2.9
mongodb_incmongodb_server>= 8.3 < 8.3.28.3.2

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.06.1MEDIUMCVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.