GHSA-5rch-679r-cv33

Опубликовано: 17 мар. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 8.8

Описание

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.

Ссылки

EPSS

Процентиль: 15%

0.00047

Низкий

8.7 High

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2026-4148

Дефекты

CWE-416

Связанные уязвимости

CVE-2026-4148

CVSS3: 8.8

ubuntu

11 дней назад

(A use-after-free vulnerability can be triggered in sharded clusters by ...)

CVE-2026-4148

CVSS3: 8.8

nvd

12 дней назад

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.

CVE-2026-4148

CVSS3: 8.8

debian

12 дней назад

A use-after-free vulnerability can be triggered in sharded clusters by ...

EPSS

Процентиль: 15%

0.00047

Низкий

8.7 High

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2026-4148

Дефекты

CWE-416