CVE-2026-8843
Index Creation Flaw in MongoDB Server Causes Server Crash
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: MongoDB, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mongodb | mongodb_server | to 7.0.32 (exc) |
| mongodb | mongodb_server | to 8.0.21 (exc) |
| mongodb | mongodb_server | to 8.2.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when a "2dsphere_bucket" index is created on a non-timeseries bucket collection in MongoDB. Although the index creation succeeds, any subsequent document insertion that triggers an update to this index causes the MongoDB server to crash. A similar problem happens with "queryable_encrypted_range" indices.
How can this vulnerability impact me? :
The impact of this vulnerability is that the MongoDB server can crash when certain indices are updated during document insertion. This can lead to denial of service, causing downtime and potential disruption of applications relying on the database.