Crash while joining collections with $lookup
Description
A user with database query privileges can cause denial of service via specially crafted $lookup queries with collations, affecting MongoDB Server prior to 4.2.1, 4.0.13, and 3.6.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A use-after-free vulnerability exists in MongoDB Server when processing $lookup aggregation stages with collations. An authenticated user with database query privileges can trigger this by issuing specially crafted queries. Affected versions: MongoDB Server v4.2 prior to 4.2.1, v4.0 prior to 4.0.13, and v3.6 prior to 3.6.15 [1].
Exploitation
The attacker must have network access and database query privileges. By crafting a query that uses $lookup with specific collation settings, the attacker triggers a use-after-free condition, leading to a crash of the mongod or mongos process [1].
Impact
Successful exploitation results in a denial of service (availability impact). The CVSS v3.1 score is 6.5 (High) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [1].
Mitigation
Upgrade to fixed versions: MongoDB 4.2.1, 4.0.13, or 3.6.15. No workarounds are documented. If upgrade is not immediately possible, restrict query access to trusted users [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- MongoDB Inc. / MongoDB Server (range: 3.6)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] jira.mongodb.org/browse/SERVER-43350 (MITRE, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.