[CLSA-2026:1784131321] Fix CVE(s): CVE-2026-8199
Type:
security
Severity:
Low
Release date:
2026-07-15 16:02:14 UTC
Description:
* SECURITY UPDATE: Excessive memory use parsing $bit* match expressions with large BinData bitmasks - debian/patches/CVE-2026-8199.patch: disable $bit* expressions in SBE and add internalQueryMaxBitTestIntermediatePositions knob to limit the number of bit positions accumulated from a BinData mask in src/mongo/db/matcher/expression_leaf.cpp, src/mongo/db/matcher/expression_parser.cpp, src/mongo/db/query/query_knobs.idl - CVE-2026-8199
CVEs fixed:
Updated packages:
  • mongodb6_6.0.26-1+tuxcare.els15_amd64.deb
    sha:753acbaf0fe1b6e0ab33b2146ef0d236db87ca0f
  • mongodb6-mongos_6.0.26-1+tuxcare.els15_amd64.deb
    sha:9f51a8dad01f37772b175de1aeae006004de6931
  • mongodb6-server_6.0.26-1+tuxcare.els15_amd64.deb
    sha:919d51d303e2439e8851f684bd0b8b9990d50cfe
  • mongodb6-shell_6.0.26-1+tuxcare.els15_amd64.deb
    sha:8ac0c8b1c0305a76cbce82557e304f69f25ebceb
  • mongodb6_6.0.26-1+tuxcare.els15_arm64.deb
    sha:0a1a7b6222a6a9275411f3ab3b996df119cf5051
  • mongodb6-mongos_6.0.26-1+tuxcare.els15_arm64.deb
    sha:7b52e2d801b728ee41dcdc8aae25e2159b31a064
  • mongodb6-server_6.0.26-1+tuxcare.els15_arm64.deb
    sha:1a4a165a987e0a337952bcb3addbcf652d876e64
  • mongodb6-shell_6.0.26-1+tuxcare.els15_arm64.deb
    sha:5abc5a6bac7e443096fc0da7a568fe6bdd390ed8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.