MongoDB 8.3.0 Alpha 0
Approved changes feed: RSS · Atom
cpe:2.3:a:mongodb:mongodb:8.3.0:alpha0:*:*:-:*:*:*
part: a version: 8.3.0 update: alpha0
| Vendor | Mongodb (1aa156a6-63a9-5032-baaf-10197d408a1e) |
|---|---|
| Product | Mongodb (fa9f1f9b-0cc9-5830-a189-b908276ac432) |
| Edition | * |
| Language | * |
| Software edition | - |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/mongodb |
purl2cpe | 2026-06-01 10:11:17.990121 |
pkg:deb/ubuntu/mongodb |
purl2cpe | 2026-06-01 10:11:17.990122 |
pkg:github/mongodb/mongo |
purl2cpe | 2026-06-01 10:11:17.990123 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4148 |
vulnerable | 2026-06-03 15:26:24.514025 |
ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators
HIGH (8.8)
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
Published: 2026-03-17T15:53:57.874Z
Updated: 2026-03-18T03:55:44.426Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-4147 |
vulnerable | 2026-06-03 15:26:24.510193 |
Stack memory disclosure in filemd5 command
MEDIUM (6.5)
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
Published: 2026-03-17T15:50:21.888Z
Updated: 2026-03-17T16:09:55.480Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14345 |
vulnerable | 2026-06-03 14:58:55.190179 |
Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server
MEDIUM (4.2)
A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction coordination logic to misinterpret the transaction as committed, resulting in inconsistent state on those shards. This may lead to low integrity and availability impact.
This issue impacts MongoDB Server v8.0 versions prior to 8.0.16, MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB server v8.2 versions prior to 8.2.2.
Published: 2025-12-09T15:00:38.746Z
Updated: 2025-12-09T15:12:28.954Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.