CVE-2026-8063 | MongoDB Server up to 8.2.6 Aggregation rankFusion/scoreFusion null pointer dereference

A vulnerability classified as problematic has been found in MongoDB Server up to 8.2.6. Affected by this vulnerability is an unknown functionality of the component Aggregation Handler. This manipulation of the argument rankFusion/scoreFusion causes null pointer dereference.

This vulnerability is handled as CVE-2026-8063. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More