LeakyCreds

CVE-2026-4148 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 17, 2026

MongoDB - Use After Free

Published: March 17, 2026 | Updated: March 17, 2026 | Remote Exploitable

Overview

MongoDB sharded clusters contain a use-after-free vulnerability that is triggered by specially crafted $lookup or $graphLookup aggregation pipelines. It lets authenticated users with the read role cause memory corruption. Exploitation requires an authenticated account with the read role.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Authenticated users with read role can cause memory corruption, potentially leading to denial of service or code execution.

Mitigation

Update to the latest MongoDB version with the fix applied.
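
While the update is being rolled out, it helps to know which accounts actually run aggregations that use the affected stages. The following is an added example, not part of the original advisory or of MongoDB's code: it walks profiler-style entries and reports every $lookup or $graphLookup stage, including ones nested in sub-pipelines. The entry fields (user, ns, command) are assumed to follow the system.profile layout, and all sample data is constructed.

```javascript
// Added example: flag profiler-style entries whose aggregation pipeline uses
// $lookup or $graphLookup at any nesting depth. All sample data is constructed.
const AFFECTED_STAGES = new Set(["$lookup", "$graphLookup"]);

// Recursively collect affected stage paths from a pipeline, descending into
// sub-pipelines ($lookup.pipeline, $unionWith.pipeline, every $facet branch).
function findAffectedStages(pipeline, path = "pipeline") {
  const hits = [];
  if (!Array.isArray(pipeline)) return hits;
  pipeline.forEach((stage, i) => {
    if (stage === null || typeof stage !== "object") return;
    for (const [name, spec] of Object.entries(stage)) {
      const here = `${path}[${i}].${name}`;
      if (AFFECTED_STAGES.has(name)) hits.push(here);
      if (spec === null || typeof spec !== "object") continue;
      if (name === "$facet") {
        for (const [branch, sub] of Object.entries(spec)) {
          hits.push(...findAffectedStages(sub, `${here}.${branch}`));
        }
      } else if (Array.isArray(spec.pipeline)) {
        hits.push(...findAffectedStages(spec.pipeline, `${here}.pipeline`));
      }
    }
  });
  return hits;
}

// Summarise which users ran aggregations containing the affected stages.
function auditEntries(entries) {
  return entries
    .filter((e) => e.command && e.command.aggregate !== undefined)
    .map((e) => ({ user: e.user, ns: e.ns, stages: findAffectedStages(e.command.pipeline) }))
    .filter((r) => r.stages.length > 0);
}

// Constructed entries shaped like system.profile documents (assumed layout).
const sampleEntries = [
  { user: "report@admin", ns: "shop.orders", command: { aggregate: "orders", pipeline: [
    { $match: { status: "open" } },
    { $lookup: { from: "customers", localField: "cid", foreignField: "_id", as: "c" } } ] } },
  { user: "bi@admin", ns: "hr.staff", command: { aggregate: "staff", pipeline: [
    { $facet: { tree: [ { $graphLookup: { from: "staff", startWith: "$mgr",
        connectFromField: "mgr", connectToField: "_id", as: "chain" } } ] } } ] } },
  { user: "app@admin", ns: "shop.items", command: { aggregate: "items", pipeline: [
    { $group: { _id: "$sku", n: { $sum: 1 } } } ] } },
  { user: "app@admin", ns: "shop.items", command: { find: "items", filter: {} } },
];

console.log(JSON.stringify(auditEntries(sampleEntries), null, 2));
```

A hit is an inventory of stage usage by account and namespace, not evidence of exploitation.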

Details

CVE ID: CVE-2026-4148
Severity: High
CVSS Score: 8.8
Type: use_after_free
Status: new

CWE

  • CWE-416

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H