VYPR
Medium severity6.4NVD Advisory· Published Mar 17, 2026· Updated Apr 2, 2026

CVE-2026-4358

CVE-2026-4358

Description

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution (SBE) engine when an in-memory hash table is spilled to disk.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • MongoDB/MongoDB2 versions
    cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*+ 1 more
    • cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*range: >=7.0.0,<7.0.31
    • (no CPE)
  • osv-coords
    Range: >= 7.0.0, < 7.0.31

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.