CVE-2026-4148 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 18, 2026
MongoDB - Use After Free
Overview
MongoDB sharded clusters contain a use-after-free vulnerability that is triggered by a specially crafted $lookup or $graphLookup aggregation pipeline and results in memory corruption. Exploitation requires an authenticated user with the read role.
Impact
Authenticated users with read role can cause memory corruption, potentially leading to denial of service or code execution.
Mitigation
Update to the latest MongoDB version with the fix applied.
Social Media Activity (2 posts)
CVE-2026-4148 - High (8.8) A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline. https://www.thehackerwire.com/vulnerability/CVE-2026-4148/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-4148
- Severity: High
- CVSS Score: 8.8
- Type: use_after_free
- Status: unconfirmed
- EPSS: 4.2%
- Social Posts: 2
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H