Home

Description

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.

PUBLISHED Reserved 2026-05-08 | Published 2026-05-13 | Updated 2026-05-13 | Assigner mongodb




MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

LOW: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-532: Insertion of Sensitive Information into Log File

Product status

Default status
unaffected

7.0 (custom) before 7.0.34
affected

8.0 (custom) before 8.0.23
affected

8.2 (custom) before 8.2.9
affected

8.3 (custom) before 8.3.2
affected

References

jira.mongodb.org/browse/SERVER-121895 issue-tracking

cve.org (CVE-2026-8200)

nvd.nist.gov (CVE-2026-8200)

Download JSON