MongoDB
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*
- >= 7.0, < 7.0.34
- >= 8.0, < 8.0.23
- >= 8.2, < 8.2.9
- >= 8.3, < 8.3.2
A denial-of-service vulnerability has been identified in MongoDB Server aggregation operators $trim, $ltrim, and $rtrim. By using a densely populated character mask and a large input string, an authenticated user with aggregation permissions can cause CPU utilization to spike to 100% for an extended period. This issue affects MongoDB Server versions 7.0 prior to 7.0.34, 8.0 prior to 8.0.23, 8.2 prior to 8.2.9, and 8.3 prior to 8.3.2.
Exploitation of this vulnerability leads to a significant increase in CPU usage, causing potential performance degradation on the affected server.
Users can upgrade to MongoDB Server versions 8.3.0-rc0, 8.2.8, 8.0.22, or 7.0.34 to address this vulnerability.