MongoDB Server 7.0 log message data leak via schema validation prior to 7.0.34
CVE-2026-8200 Published on May 13, 2026
Schema validation log messages may not redact user data
When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted.
This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.
Vulnerability Analysis
CVE-2026-8200 is exploitable with network access and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and a small impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2026-8200
Affected Versions
MongoDB, Inc. MongoDB Server:
- Version 7.0 releases below 7.0.34 are affected.
- Version 8.0 releases below 8.0.23 are affected.
- Version 8.2 releases below 8.2.9 are affected.
- Version 8.3 releases below 8.3.2 are affected.
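
One way to triage a fleet against the affected ranges listed above is sketched below. This is an added example, not code from MongoDB or from this advisory. The host names and versions in SAMPLE are constructed, and treating a pre-release build of a first fixed version as affected is an assumption.

```python
import re

# First fixed release per release series, taken from the advisory text above.
FIXED = {(7, 0): (7, 0, 34), (8, 0): (8, 0, 23), (8, 2): (8, 2, 9), (8, 3): (8, 3, 2)}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable' for a mongod version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # The advisory names only the 7.0, 8.0, 8.2 and 8.3 series; report
        # that instead of guessing about any other series.
        return "not-listed"
    if (major, minor, patch) < fixed:
        return "affected"
    # Assumption: a pre-release build of the first fixed version (e.g. -rc0)
    # may predate the fix, so it is reported as affected.
    if (major, minor, patch) == fixed and m.group(4):
        return "affected"
    return "fixed"


def triage(inventory):
    """Classify every host and return (results, sorted hosts that are not 'fixed')."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return results, sorted(h for h, r in results.items() if r != "fixed")


# Constructed sample inventory (host names and versions are made up for the example).
SAMPLE = {
    "db-a": "7.0.33",
    "db-b": "7.0.34",
    "db-c": "8.0.23-rc1",
    "db-d": "8.2.9",
    "db-e": "6.0.21",
    "db-f": "8.3.x",
}

if __name__ == "__main__":
    results, attention = triage(SAMPLE)
    for host in sorted(results):
        print(f"{host}\t{SAMPLE[host]}\t{results[host]}")
```

Hosts reported as not-listed or unparseable need a manual check, because the advisory does not say anything about release series other than the four it names.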