Data Exposure Vulnerability in MongoDB Server
CVE-2026-8200

4.8MEDIUM

Key Information:

Vendor: Mongodb, Inc.
Status: Mongodb Server
Vendor: CVE Published:; 13 May 2026

🔔 Create Mongodb, Inc. Vulnerability Alert

What is CVE-2026-8200?

A vulnerability in MongoDB Server occurs when schema validation is enabled, and an update or insert operation violates the collection’s schema. In such cases, the local server log generated may inadvertently display user data without adequate redaction, leading to potential data exposure risks. This affects multiple versions of MongoDB Server, highlighting the importance of timely updates to mitigate such security issues.

Affected Version(s)

MongoDB Server 7.0 < 7.0.34

MongoDB Server 8.0 < 8.0.23

MongoDB Server 8.2 < 8.2.9

References

https://jira.mongodb.org/browse/SERVER-121895

issue-tracking

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 8, 2026

CVE-2026-8200 Data

JSON