Medium severity6.4NVD Advisory· Published Mar 17, 2026· Updated Apr 2, 2026
CVE-2026-4358
CVE-2026-4358
Description
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
1- jira.mongodb.org/browse/SERVER-118849nvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.