CVE-2026-4148

Опубликовано: 17 мар. 2026

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.

Ссылки

https://jira.mongodb.org/browse/SERVER-119319

EPSS

Процентиль: 15%

0.00047

Низкий

8.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2026-4148

CVSS3: 8.8

ubuntu

11 дней назад

(A use-after-free vulnerability can be triggered in sharded clusters by ...)

CVE-2026-4148

CVSS3: 8.8

debian

12 дней назад

A use-after-free vulnerability can be triggered in sharded clusters by ...

GHSA-5rch-679r-cv33

CVSS3: 8.8

github

12 дней назад

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.

EPSS

Процентиль: 15%

0.00047

Низкий

8.8 High

CVSS3

Дефекты

CWE-416