Indexing Flaws in MongoDB Server Affecting Various Versions
CVE-2026-8843

7.1HIGH

Key Information:

Vendor: Mongodb, Inc.
Status: Mongodb Server
Vendor: CVE Published:; 18 May 2026

🔔 Create Mongodb, Inc. Vulnerability Alert

What is CVE-2026-8843?

A problematic scenario is present in MongoDB Server where creating a '2dsphere_bucket' index on a non-timeseries bucket collection leads to server crashes upon inserting documents that trigger index updates. Additionally, the issue extends to the creation of 'queryable_encrypted_range' indices, further impacting database stability. This affects several versions of MongoDB Server, highlighting the need for timely updates to mitigate the risks associated with these vulnerabilities.

Affected Version(s)

MongoDB Server 7.0 < 7.0.32

MongoDB Server 8.0 < 8.0.21

MongoDB Server 8.2 < 8.2.6

References

https://jira.mongodb.org/browse/SERVER-116327

issue-tracking

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-8843 Data

JSON