{"id":"CVE-2026-11933","summary":"Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion","details":"A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript (for example, via $where or $function) can cause the server to access memory that has already been freed. This may result in disclosure of information from the mongod process memory or a denial of service through a server crash.","aliases":["BIT-mongodb-2026-11933"],"modified":"2026-07-08T08:12:22.724321227Z","published":"2026-06-12T01:57:32.014Z","database_specific":{"cwe_ids":["CWE-787"],"unresolved_ranges":[{"extracted_events":[{"introduced":"8.3.0"},{"last_affected":"8.3.3"},{"introduced":"8.2.0"},{"last_affected":"8.2.10"},{"introduced":"8.0.0"},{"last_affected":"8.0.25"},{"introduced":"7.0.0"},{"last_affected":"7.0.36"},{"introduced":"6.0"},{"last_affected":"6.0.28"},{"introduced":"5.0"},{"last_affected":"5.0.33"},{"introduced":"4.4.0"},{"last_affected":"4.4.30"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"mongodb","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11933.json"},"references":[{"type":"WEB","url":"https://jira.mongodb.org/browse/SERVER-128125"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11933.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-11933"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"563487e100c4215e2dce98d0af2a6a5a2d67c5cf"},{"fixed":"cfe43bb3f7ade50c4ee108dfc329d6d4d3318b41"},{"introduced":"1184f004a99660de6f5e745573419bda8a28c0e9"},{"fixed":"ec6cf1afb7921a56e14e2a13cd51781a3c8ebbb1"},{"introduced":"e61bf27c2f6a83fed36e5a13c008a32d563babe2"},{"fixed":"33f30ee3b0d8525f8ee409ead1e3b847bfb1eac1"},{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"a820e42c7df1381abd963332bd157abe76efe4e6"},{"introduced":"b41cda4fe697dce6fd9b83b3805362ccc02fbeb3"},{"fixed":"feca9bec037cc018d9b398a30e7bc8ab22d4aa2b"},{"introduced":"b993867dce63dd366cd93e60f3f425ed716f6497"},{"fixed":"3173cdbda3516e78038bceee2fc818a533f36be5"},{"introduced":"0f29b043a58fdd251ce0a0b32754b8459613c933"},{"fixed":"e218b5151154a32364397c2c00c3f806d68e83ba"}],"database_specific":{"cpe":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*","extracted_events":[{"introduced":"4.4.0"},{"fixed":"4.4.31"},{"introduced":"5.0.0"},{"fixed":"5.0.34"},{"introduced":"6.0.0"},{"fixed":"6.0.29"},{"introduced":"7.0.0"},{"fixed":"7.0.37"},{"introduced":"8.0.0"},{"fixed":"8.0.26"},{"introduced":"8.2.0"},{"fixed":"8.2.11"},{"introduced":"8.3.0"},{"fixed":"8.3.4"}],"source":"CPE_RANGE"}}],"versions":["r4.4.30","r7.0.36","r8.0.25","r8.0.24","r7.0.35","r8.2.10","r6.0.28","r5.0.33","r8.3.3","r8.3.0","r6.0.27","r5.0.32","r8.2.4-alpha1","r8.2.4-alpha0","r7.0.27-rc0","r7.0.27","r8.0.17-alpha0","r8.0.16-rc1","r8.0.16","r7.0.27-alpha0","r7.0.26-rc0","r7.0.26","r8.2.3-alpha0","r8.2.2-rc0","r8.2.2","r8.0.16-rc0","r8.0.14-rc1","r8.0.14","r7.0.24-rc0","r7.0.24","r8.2.1-rc1","r8.2.1","r8.2.1-rc0","r6.0.26-rc0","r6.0.26","r7.0.25-alpha0","r8.0.14-rc0","r8.2.0","r8.0.13-rc2","r8.0.13","r6.0.25-rc0","r6.0.25","r8.0.13-rc1","r8.0.13-rc0","r7.0.23-rc1","r7.0.23","r7.0.23-rc0","r7.0.22-rc0","r7.0.22","r8.0.12-rc0","r8.0.12","r8.0.10-rc0","r8.0.10","r6.0.24-rc0","r6.0.24","r7.0.21-rc0","r7.0.21","r6.0.24-alpha0","r7.0.21-alpha0","r7.0.18","r6.0.21","r8.0.6","r7.0.17","r8.0.5-rc2","r8.0.5","r8.0.5-rc1","r8.0.5-rc0","r5.0.31-rc1","r5.0.31","r5.0.31-rc0","r6.0.20-rc3","r6.0.20","r6.0.20-rc2","r6.0.20-rc1","r6.0.20-rc0","r7.0.16-rc1","r7.0.16-rc0","r7.0.16","r8.0.4-rc0","r8.0.4","r6.0.19","r5.0.30","r7.0.15","r8.0.3","r8.0.2","r7.0.15-rc1","r7.0.15-rc0","r8.0.1-rc0","r8.0.1","r8.0.0","r6.0.18-rc0","r6.0.18","r5.0.29-rc0","r5.0.29","r7.0.14-rc0","r7.0.14","r7.0.13-rc1","r7.0.13","r6.0.17-rc0","r6.0.17","r7.0.13-rc0","r5.0.28-rc0","r5.0.28","r7.0.12-rc1","r7.0.12","r7.0.12-rc0","r6.0.16-rc0","r6.0.16","r5.0.27-rc0","r5.0.27","r7.0.11-rc2","r7.0.11","r7.0.11-rc1","r7.0.11-rc0","r7.0.10-rc0","r7.0.10","r7.0.9-rc1","r7.0.9","r7.0.9-rc0","r6.0.15-rc0","r6.0.15","r7.0.8-rc0","r7.0.8","r5.0.26-rc0","r5.0.26","r7.0.7-rc2","r7.0.7","r7.0.7-rc1","r7.0.7-rc0","r4.4.29-rc0","r4.4.29","r5.0.25-rc0","r5.0.25","r6.0.14-rc1","r6.0.14","r7.0.6-rc0","r7.0.6","r6.0.14-rc0","r4.4.28-rc0","r4.4.28","r5.0.24-rc0","r5.0.24","r6.0.13-rc0","r6.0.13","r7.0.5-rc0","r7.0.5","r4.4.27","r4.4.27-rc0","r6.0.12-rc1","r6.0.12","r5.0.23-rc0","r5.0.23","r7.0.4-rc0","r7.0.4","r6.0.12-rc0","r4.4.26-rc0","r4.4.26","r5.0.22-rc1","r5.0.22","r7.0.3-rc1","r7.0.3","r7.0.3-rc0","r5.0.22-rc0","r6.0.11-rc0","r6.0.11","r4.4.25-rc0","r4.4.25","r7.0.2-rc2","r7.0.2","r7.0.2-rc1","r7.0.2-rc0","r5.0.21-rc0","r5.0.21","r6.0.10-rc0","r6.0.10","r7.0.1-rc0","r7.0.1","r7.0.0","r4.4.24-rc0","r4.4.24","r6.0.9-rc1","r6.0.9","r5.0.20-rc1","r5.0.20","r5.0.20-rc0","r6.0.9-rc0","r5.0.19-rc0","r5.0.19","r4.4.23-rc0","r4.4.23","r6.0.8-rc0","r6.0.8","r6.0.7-rc0","r6.0.7","r4.4.22-rc2","r4.4.22","r5.0.18-rc2","r5.0.18","r5.0.18-rc1","r4.4.22-rc1","r4.4.22-rc0","r5.0.18-rc0","r6.0.6-rc1","r6.0.6","r6.0.6-rc0","r4.4.21-rc0","r4.4.21","r5.0.17-rc0","r5.0.17","r4.4.20-rc0","r4.4.20","r5.0.16-rc0","r5.0.16","r6.0.5-rc1","r6.0.5","r6.0.5-rc0","r6.0.4-rc1","r5.0.15-rc2","r5.0.15","r4.4.19-rc2","r4.4.19","r4.4.19-rc1","r5.0.15-rc1","r4.4.19-rc0","r5.0.15-rc0","r6.0.4-rc0","r6.0.4","r5.0.14-rc0","r5.0.14","r6.0.3-rc2","r6.0.3-rc1","r6.0.3","r4.4.18-rc0","r4.4.18","r6.0.3-rc0","r4.4.17-rc2","r4.4.17","r6.0.2-rc1","r6.0.2","r5.0.13-rc0","r5.0.13","r4.4.17-rc1","r4.4.17-rc0","r5.0.12-rc0","r5.0.12","r6.0.2-rc0","r5.0.11-rc1","r5.0.11","r5.0.11-rc0","r4.4.16-rc0","r4.4.16","r6.0.1-rc0","r6.0.1","r5.0.10-rc0","r5.0.10","r6.0.0","r4.4.15-rc0","r4.4.15","r5.0.9-rc1","r5.0.9","r5.0.9-rc0","r4.4.14-rc0","r4.4.14","r5.0.8-rc0","r5.0.8","r5.0.7-rc1","r5.0.7","r5.0.7-rc0","r4.4.13-rc0","r4.4.13","r5.0.6-rc2","r5.0.6","r5.0.6-rc1","r4.4.12-rc1","r4.4.12","r5.0.6-rc0","r4.4.12-rc0","r4.4.11-rc1","r4.4.11","r5.0.5-rc0","r5.0.5","r4.4.11-rc0","r5.0.4-rc0","r5.0.4","r4.4.10-rc0","r4.4.10","r4.4.9-rc1","r4.4.9","r5.0.3-rc2","r5.0.3","r5.0.3-rc1","r4.4.9-rc0","r5.0.3-rc0","r4.4.8-rc0","r4.4.8","r5.0.2-rc0","r5.0.2","r4.4.7-rc1","r4.4.7","r5.0.1-rc0","r5.0.1","r5.0.0","r4.4.7-rc0","r4.4.6-rc0","r4.4.6","r4.4.5-rc0","r4.4.5","r4.4.4-rc1","r4.4.4","r4.4.4-rc0","r4.4.3-rc0","r4.4.3","r4.4.2-rc1","r4.4.2","r4.4.2-rc0","r4.4.1-rc3","r4.4.1","r4.4.1-rc2","r4.4.1-rc1","r4.4.1-rc0","r4.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11933.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}