CVE-2026-8843
Awaiting Analysis Awaiting Analysis - Queue
Index Creation Flaw in MongoDB Server Causes Server Crash

Publication date: 2026-05-18

Last updated on: 2026-05-18

Assigner: MongoDB, Inc.

Description
Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryable_encrypted_range" indices. This issue affects MongoDB Server v7.0 versions prior to 7.0.32, v8.0 versions prior to 8.0.21 and v8.2 versions prior to 8.2.6
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-18
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2026-8843
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
mongodb mongodb_server to 7.0.32 (exc)
mongodb mongodb_server to 8.0.21 (exc)
mongodb mongodb_server to 8.2.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when a "2dsphere_bucket" index is created on a non-timeseries bucket collection in MongoDB. Although the index creation succeeds, any subsequent document insertion that triggers an update to this index causes the MongoDB server to crash. A similar problem happens with "queryable_encrypted_range" indices.

Impact Analysis

The impact of this vulnerability is that the MongoDB server can crash when certain indices are updated during document insertion. This can lead to denial of service, causing downtime and potential disruption of applications relying on the database.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8843. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart