Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MongoDb Use After Free Vulnerability (CVE-2026-8201) - Vulnerability Database

MongoDb Use After Free Vulnerability (CVE-2026-8201)

Description

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

References

CVE-2026-8201

Related Vulnerabilities

MySQL CVE-2022-21314 Vulnerability (CVE-2022-21314) Medium
Common tags: Missing Update Known Vulnerabilities
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-24977) Medium
Common tags: Missing Update Known Vulnerabilities
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24407) Critical
Common tags: Missing Update Known Vulnerabilities
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24408) Medium
Common tags: Missing Update Known Vulnerabilities
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554) High
Common tags: Missing Update Known Vulnerabilities

Severity

High

Classification

CVE-2026-8201
CWE-416
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update
Known Vulnerabilities