CVE-2026-4358

Published: Mar 17, 2026 Last Modified: Mar 17, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,4

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: high

Description

AI Translation Available

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.

415

Double Free

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Modify Memory Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: C, C++, Memory-Unsafe

Likelihood of Exploit: High

View CWE Details

https://jira.mongodb.org/browse/SERVER-118849

CVE-2026-4358

Description

Double Free

Common Consequences

Applicable Platforms

Iscriviti alla newsletter