[CLSA-2026:1784131500] Fix CVE(s): CVE-2026-8199
Type:
security
Severity:
Low
Release date:
2026-07-15 16:05:14 UTC
Description:
* SECURITY UPDATE: Excessive memory use parsing $bit* match expressions with large BinData bitmasks - debian/patches/CVE-2026-8199.patch: disable $bit* expressions in SBE and add internalQueryMaxBitTestIntermediatePositions knob to limit the number of bit positions accumulated from a BinData mask in src/mongo/db/matcher/expression_leaf.cpp, src/mongo/db/matcher/expression_parser.cpp, src/mongo/db/query/query_knobs.idl - CVE-2026-8199
CVEs fixed:
Updated packages:
  • mongodb6_6.0.26-1+tuxcare.els15_amd64.deb
    sha:753acbaf0fe1b6e0ab33b2146ef0d236db87ca0f
  • mongodb6-mongos_6.0.26-1+tuxcare.els15_amd64.deb
    sha:59b4cf2700cc3b9dfd01d15b9791d30ddb3cb1b4
  • mongodb6-server_6.0.26-1+tuxcare.els15_amd64.deb
    sha:0b03e641d534d4b8a6f89f3c570887bd1ff002df
  • mongodb6-shell_6.0.26-1+tuxcare.els15_amd64.deb
    sha:c842d21df69191d87fc040473214848bb843ab37
  • mongodb6_6.0.26-1+tuxcare.els15_arm64.deb
    sha:0a1a7b6222a6a9275411f3ab3b996df119cf5051
  • mongodb6-mongos_6.0.26-1+tuxcare.els15_arm64.deb
    sha:424a14ac643d2b0f2248d4bfc12a4ae1717653cf
  • mongodb6-server_6.0.26-1+tuxcare.els15_arm64.deb
    sha:cfff13e1f5580396d6dd1e1043e8be219d44b9db
  • mongodb6-shell_6.0.26-1+tuxcare.els15_arm64.deb
    sha:81901f0aff6f1765a9b897f3eb4c6fd232be0942
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.