CVE-2026-8053 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: May 13, 2026
MongoDB Server - Remote Code Execution
Published: May 13, 2026 | Updated: May 13, 2026 | Remote Exploitable
Overview
MongoDB Server versions before 5.0.33, 6.0.28, 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain an out-of-bounds write caused by an inconsistency in the time-series bucket catalog's field-name-to-index mapping, which lets authenticated users with write privileges execute arbitrary code.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated users with write privileges can execute arbitrary code, potentially leading to full server compromise.
Mitigation
Upgrade to versions 5.0.33, 6.0.28, 7.0.34, 8.0.23, 8.2.9, 8.3.2 or later.
Details
- CVE ID: CVE-2026-8053
- Severity: High
- CVSS Score: 8.8
- Type: out_of_bounds_rw
- Status: unconfirmed
CWE
- CWE-787
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H