Description

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

Remediation

References

CVE-2026-8202

Related Vulnerabilities

Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.7.14)

WordPress Plugin Contact Form 7 Dynamic Text Extension Cross-Site Scripting (2.0.2.1)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2154)

WordPress Plugin Responsive Lightbox2 Cross-Site Scripting (1.0.2)

WordPress Plugin Rate my Post-WP Rating System Multiple Vulnerabilities (3.3.4)

Severity

Medium

Classification

CVE-2026-8202 CWE-770 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities