Percona Server for MongoDB 8.0.23-10 (2026-05-21)
Percona Server for MongoDB 8.0.23-10 is an enhanced, source-available, and highly scalable database that is a fully compatible, drop-in replacement for MongoDB Community Edition.
Percona Server for MongoDB 8.0.23-10 includes the improvements and bug fixes of:
It supports protocols and drivers of MongoDB Community 8.0.23.
Security updates: CVE fixes from upstream MongoDB
This release includes upstream MongoDB security fixes for the following vulnerabilities:
High severity
- SERVER-126021 (CVE-2026-8053): Fixed a vulnerability in MongoDB Server’s time-series collection implementation where an authenticated user with database write privileges could trigger an out-of-bounds memory write in the mongod process. Under certain conditions, this issue could lead to arbitrary code execution.
- SERVER-122449 (CVE-2026-8199): Fixed an issue where an authenticated user could cause excessive memory consumption during Abstract Syntax Tree (AST) processing of the $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear operators. This could lead to increased memory pressure and potential service unavailability due to out-of-memory (OOM) conditions.
- SERVER-121610 (CVE-2026-8336): Fixed a vulnerability where an authenticated user could crash the mongod process through specially crafted use of $_internalJsEmit (an internal function not intended for direct use), or by manipulating the mapReduce command’s map function in combination with server-side JavaScript execution features such as $where, $function, or the mapReduce reduce stage.
Medium severity
- SERVER-122032 (CVE-2026-8201): Fixed a use-after-free vulnerability in MongoDB’s Field-Level Encryption (FLE) query analysis component affecting client-side deployments using mongocryptd and crypt_shared. A specially crafted FLE-related query could cause unexpected behavior or client instability.
- SERVER-120668 (CVE-2026-8202): Fixed an issue in the $trim, $ltrim, and $rtrim aggregation operators where specially crafted inputs could cause excessive CPU consumption. An authenticated user with aggregation privileges could exploit this issue to impact database performance and availability.
- SERVER-121895 (CVE-2026-8200): Fixed an issue where schema validation failures could result in unredacted user data being written to server logs. Under certain insert or update operations that violated schema validation rules, sensitive information could be exposed in local log files.
Affected versions
These vulnerabilities affect the following versions of MongoDB Community Edition and Percona Server for MongoDB:
- All Percona Server for MongoDB 8.0.x versions
- MongoDB Community 8.0 versions prior to 8.0.23
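To see where a deployment relies on the operators and commands named in the fixes above, the following added example (not Percona or MongoDB code) walks command documents and reports each listed name with the CVE it appears under. The sample commands are constructed, and the input shape (command documents such as the `command` field of database profiler entries) is an assumption.

```javascript
// Operators and commands named in this release's CVE descriptions.
// CVE-2026-8053, CVE-2026-8200 and CVE-2026-8201 name no operator, so they are not listed.
const FLAGGED = new Map([
  ["$bitsAllSet", "CVE-2026-8199"], ["$bitsAnySet", "CVE-2026-8199"],
  ["$bitsAllClear", "CVE-2026-8199"], ["$bitsAnyClear", "CVE-2026-8199"],
  ["$_internalJsEmit", "CVE-2026-8336"], ["mapReduce", "CVE-2026-8336"],
  ["$where", "CVE-2026-8336"], ["$function", "CVE-2026-8336"],
  ["$trim", "CVE-2026-8202"], ["$ltrim", "CVE-2026-8202"], ["$rtrim", "CVE-2026-8202"],
]);

// Recursively walk a command document. Only keys are matched, so a field
// reference such as "$name" in a value is never reported as an operator.
function findFlagged(node, path = "", hits = []) {
  if (Array.isArray(node)) {
    node.forEach((value, i) => findFlagged(value, `${path}[${i}]`, hits));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const here = path ? `${path}.${key}` : key;
      if (FLAGGED.has(key)) hits.push({ cve: FLAGGED.get(key), operator: key, path: here });
      findFlagged(value, here, hits);
    }
  }
  return hits;
}

// Count hits per CVE across a batch of commands.
function summarize(commands) {
  const counts = {};
  for (const cmd of commands) {
    for (const hit of findFlagged(cmd)) counts[hit.cve] = (counts[hit.cve] || 0) + 1;
  }
  return counts;
}

// Constructed sample commands (hypothetical collections and fields).
const SAMPLE_COMMANDS = [
  { find: "devices", filter: { flags: { $bitsAllSet: [1, 5] } } },
  { aggregate: "users", cursor: {},
    pipeline: [{ $project: { name: { $trim: { input: "$name" } } } }] },
  { find: "orders", filter: { $where: "this.total > 100" } },
  { mapReduce: "orders", map: "function () { emit(this.cust, 1); }",
    reduce: "function (k, v) { return v.length; }", out: { inline: 1 } },
  { find: "orders", filter: { status: "open" } },
];

SAMPLE_COMMANDS.forEach((cmd, i) => {
  for (const hit of findFlagged(cmd)) console.log(`command ${i}: ${hit.operator} at ${hit.path} (${hit.cve})`);
});
console.log(summarize(SAMPLE_COMMANDS));
```

A hit shows only that a workload uses a listed operator or command, which helps prioritize the upgrade and post-upgrade regression testing; it does not indicate malicious use.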