MongoDB
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*
A vulnerability exists in MongoDB that allows an authorized user to cause a segmentation fault, effectively disabling the server. This issue arises when a query is executed against a collection with an invalid compound wildcard index. The vulnerability is present in MongoDB versions 7.0, 8.0, and 8.2, as well as the current master branch.
Exploitation of this vulnerability leads to a segmentation fault, causing the MongoDB server to crash.
To reproduce this vulnerability, create a collection and insert a document. Then, create a compound wildcard index that improperly excludes the '_id' field. Afterward, execute a query that utilizes the index, which will result in a segmentation fault, crashing the server.
Users can upgrade to MongoDB versions 8.3.0-rc0, 8.2.4, or 7.0.29 to address this vulnerability.
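The version guidance above, turned into a triage check for a server inventory. This is an added example, not code from the advisory or from MongoDB: `triage` and the other helper names are hypothetical, the sample inventory is constructed, and the version string is assumed to come from `db.version()` in mongosh.

```javascript
// Fixed releases per release line, taken from the advisory text.
// 8.0 is listed as affected, but the advisory names no fixed 8.0 release.
const FIXED = { "7.0": "7.0.29", "8.2": "8.2.4", "8.3": "8.3.0-rc0" };
const AFFECTED_LINES = ["7.0", "8.0", "8.2"];

// Parse "X.Y.Z" or "X.Y.Z-rcN". Any other suffix (for example a development
// build off master) is rejected so it gets reviewed by hand.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?$/.exec(String(v).trim());
  if (!m) return null;
  return {
    line: `${m[1]}.${m[2]}`,
    // A final release sorts after every release candidate of the same X.Y.Z.
    parts: [Number(m[1]), Number(m[2]), Number(m[3]),
            m[4] === undefined ? Infinity : Number(m[4])],
  };
}

function compare(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a.parts[i] !== b.parts[i]) return a.parts[i] < b.parts[i] ? -1 : 1;
  }
  return 0;
}

// Hypothetical helper: classify one server version against the advisory.
// "not-listed" means the advisory says nothing about that release line.
function triage(version) {
  const v = parseVersion(version);
  if (!v) return "unrecognized";
  const fixed = FIXED[v.line];
  if (fixed) return compare(v, parseVersion(fixed)) >= 0 ? "fixed" : "vulnerable";
  if (AFFECTED_LINES.includes(v.line)) return "affected-no-fix-listed";
  return "not-listed";
}

// Constructed sample inventory: host name -> reported server version.
const inventory = { "db-a": "7.0.28", "db-b": "8.0.17", "db-c": "8.2.4" };
for (const [host, version] of Object.entries(inventory)) {
  console.log(`${host}\t${version}\t${triage(version)}`);
}
```

Hosts reported as `affected-no-fix-listed` or `unrecognized` need a manual decision, since the advisory gives no fixed release for 8.0 and a master-branch build cannot be judged from its version string alone.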