MongoDB Field-Level Encryption Query Analysis Component Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in MongoDB's Field-Level Encryption (FLE) query analysis component. This issue affects client-side uses of mongocryptd and crypt_shared, specifically the mongocryptd component of MongoDB Server in versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2. The vulnerability is triggered when an attacker is able to manipulate the structure of a client's FLE-related query, which can lead to memory-management errors in the query analysis code.

Impact

Successful exploitation results in a use-after-free condition, which may allow arbitrary code execution or cause a denial of service by crashing the application.

Remediation

To address this vulnerability, upgrade to MongoDB version 8.2.8, 8.0.22, 8.3.0-rc4, 7.0.33, 8.2.9, 8.0.23, or 8.2.10.
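An added check (not from this advisory or from MongoDB) that tests a mongocryptd or crypt_shared version string against the affected ranges stated in the Vulnerability section above; it assumes versions are written as X.Y.Z or X.Y.Z-rcN.

```python
import re

# Affected series as stated in the Vulnerability section: (major, minor) -> first fixed version.
AFFECTED_SERIES = {
    (7, 0): (7, 0, 34),
    (8, 0): (8, 0, 23),
    (8, 2): (8, 2, 9),
    (8, 3): (8, 3, 2),
}

# Assumed version format: optional leading 'v', X.Y.Z, optional '-rcN' suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?$")


def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Z-rcN' into a comparable tuple.

    Release candidates sort before the final release of the same X.Y.Z,
    so '8.3.0-rc4' < '8.3.0' < '8.3.1'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rc = m.groups()
    rc_key = (0, int(rc)) if rc is not None else (1, 0)  # final release beats any rc
    return (int(major), int(minor), int(patch)) + rc_key


def is_affected(version_text):
    """True if the version is in an affected range, False if at or past the fix,
    None if the release series is not covered by this advisory at all."""
    v = parse_version(version_text)
    first_fixed = AFFECTED_SERIES.get(v[:2])
    if first_fixed is None:
        return None
    # Anything below the final release of the first fixed version is affected,
    # including release candidates of that fixed version.
    return v < first_fixed + (1, 0)


if __name__ == "__main__":
    # Constructed sample inventory of component versions, one per line.
    for line in ["7.0.33", "v8.0.23", "8.2.8", "8.3.0-rc4", "6.0.10"]:
        print(f"{line:12} affected={is_affected(line)}")
```

The ranges come from the Vulnerability section; when choosing an upgrade target, compare against the versions listed under Remediation.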

Added: May 13, 2026, 4:58 PM
Updated: May 13, 2026, 4:58 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 5.9
remediation: 7.7
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.