CVE-2026-8053— FlatBSON Duplicate Field Index Drift

CVSS 8.8 · High EPSS 0.07% · P22 Updated May 15, 2026

Possible ATT&CK Techniques 2AI

T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application

Affected Version Matrix 6

Vendor	Product	Version Range	Status
MongoDB, Inc.	MongoDB Server	`5.0< 5.0.33`	affected
		`6.0< 6.0.28`	affected
		`7.0< 7.0.34`	affected
		`8.0< 8.0.23`	affected
		`8.2< 8.2.9`	affected
		`8.3< 8.3.2`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-8053

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

FlatBSON Duplicate Field Index Drift

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bucket catalog. Under certain conditions this can result in arbitrary code execution. This issue impacts MongoDB Server v5.0 versions prior to 5.0.33, v6.0 versions prior to 6.0.28, v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存写

Source: NVD (National Vulnerability Database)

Vulnerability Title

MongoDB Server 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

MongoDB Server是美国MongoDB公司的一套开源的NoSQL数据库。该数据库提供面向集合的存储、动态查询、数据复制及自动故障转移等功能。 MongoDB Server存在缓冲区错误漏洞，该漏洞源于时间序列集合实现中内部字段名到索引映射不一致，可能导致越界内存写入，认证攻击者可触发任意代码执行。以下版本受到影响：5.0.33之前版本、6.0.28之前版本、7.0.34之前版本、8.0.23之前版本、8.2.9之前版本和8.3.2之前版本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
MongoDB, Inc.	MongoDB Server	5.0 ~ 5.0.33	-

II. Public POCs for CVE-2026-8053

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-8053

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: MongoDB Server

Same vendor: MongoDB, Inc.

Same weakness: CWE-787

V. Comments for CVE-2026-8053

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-8053— FlatBSON Duplicate Field Index Drift

Possible ATT&CK Techniques 2AI

Affected Version Matrix 6

I. Basic Information for CVE-2026-8053

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-8053

III. Intelligence Information for CVE-2026-8053

IV. Related Vulnerabilities

V. Comments for CVE-2026-8053

Leave a comment