MongoDB Server
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in MongoDB Server 8.2 versions prior to 8.2.7. The issue arises when an authenticated user runs the $rankFusion or $scoreFusion aggregation stages against a view with an empty aggregation pipeline. The server does not check that the pipeline array is non-empty before reading its first element; the resulting null pointer dereference crashes the server process.
Exploitation of this vulnerability causes the MongoDB server process to crash, leading to a denial-of-service condition.
To reproduce, an authenticated user runs $rankFusion or $scoreFusion against a view with an empty aggregation pipeline; the server crashes on the null pointer dereference.
Upgrading to MongoDB Server 8.2.7 or later fixes this vulnerability; no workaround is given.
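The following is an added example (not part of this advisory and not MongoDB's own code) showing the check a practitioner would run before and after the upgrade: classify a server version string against the affected range the advisory states, the 8.2 release line below 8.2.7. It assumes mongosh, where `db.version()` returns the connected server's version string; under plain Node it falls back to constructed sample versions. Release lines other than 8.2 are reported as not covered by this advisory rather than as safe, because the advisory says nothing about them.

```javascript
// Added example: decide whether a MongoDB server version falls inside the
// affected range given in the advisory (8.2.x with x < 7). Other release
// lines are outside the advisory's scope and are reported as "not-covered".

function parseVersion(versionString) {
  // db.version() returns strings such as "8.2.3" or "8.2.0-rc1"; only the
  // numeric major.minor.patch triple matters for the range check, so a
  // pre-release suffix is ignored (an rc build is treated like its base).
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(versionString).trim());
  if (!m) {
    throw new Error(`unparseable MongoDB version: ${versionString}`);
  }
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

// Fix version taken from the advisory text.
const FIXED_IN = { major: 8, minor: 2, patch: 7 };

// Returns "affected", "fixed", or "not-covered" (release line not described
// by the advisory; it must not be read as "safe").
function assessVersion(versionString) {
  const v = parseVersion(versionString);
  if (v.major !== FIXED_IN.major || v.minor !== FIXED_IN.minor) {
    return 'not-covered';
  }
  return v.patch < FIXED_IN.patch ? 'affected' : 'fixed';
}

// Inside mongosh `db` exists and the connected server is checked; under
// plain Node the constructed sample versions below are used instead.
const versions =
  typeof db !== 'undefined'
    ? [db.version()]
    : ['8.2.3', '8.2.7', '8.2.0-rc1', '8.0.14'];

for (const ver of versions) {
  console.log(`${ver}: ${assessVersion(ver)}`);
}
```

Load it in mongosh with `load('check_rankfusion_dos.js')` against each mongod and mongos you operate (the file name is an assumption); a result of `affected` on any 8.2.x node means the authenticated-user trigger described above applies until that node is upgraded.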