MongoDB 8.x — End of Life
EOL soon High risk EOL: Oct 31, 2029in 1240d4 releases in this series18 CVEs
MongoDB 8.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 8.3 | May 4, 2026 | — | Oct 31, 2029 | 8.3.1 | Active |
| 8.2 | Sep 17, 2025 | — | Jul 31, 2026 | 8.2.6 | EOL soon |
| 8.1 | Jun 20, 2025 | — | Sep 30, 2025 | 8.1.3 | EOL |
| 8.0 | Oct 31, 2024 | — | Oct 31, 2029 | 8.0.21 | Active |
CVEs affecting MongoDB 8.x (18)
| CVE | Severity | CVSS | EPSS | KEV | Cycle | Description | Published |
|---|---|---|---|---|---|---|---|
| CVE-2026-8053 | HIGH | 8.8 | 0.09% | — | 8.2 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write priv… | May 13, 2026 |
| CVE-2026-8053 | HIGH | 8.8 | 0.09% | — | 8.3 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write priv… | May 13, 2026 |
| CVE-2026-8053 | HIGH | 8.8 | 0.09% | — | 8.0 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write priv… | May 13, 2026 |
| CVE-2026-8336 | HIGH | 7.5 | 0.08% | — | 8.3 | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in… | May 13, 2026 |
| CVE-2026-8336 | HIGH | 7.5 | 0.08% | — | 8.2 | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in… | May 13, 2026 |
| CVE-2026-8063 | MEDIUM | 6.5 | 0.07% | — | 8.2 | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When … | May 7, 2026 |
| CVE-2026-8199 | MEDIUM | 6.5 | 0.05% | — | 8.0 | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAny… | May 13, 2026 |
| CVE-2026-8199 | MEDIUM | 6.5 | 0.05% | — | 8.2 | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAny… | May 13, 2026 |
| CVE-2026-8199 | MEDIUM | 6.5 | 0.05% | — | 8.3 | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAny… | May 13, 2026 |
| CVE-2026-8201 | MEDIUM | 6.4 | 0.03% | — | 8.0 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting clie… | May 13, 2026 |
| CVE-2026-8201 | MEDIUM | 6.4 | 0.03% | — | 8.2 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting clie… | May 13, 2026 |
| CVE-2026-8201 | MEDIUM | 6.4 | 0.03% | — | 8.3 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting clie… | May 13, 2026 |
| CVE-2026-8202 | MEDIUM | 4.3 | 0.05% | — | 8.3 | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $r… | May 13, 2026 |
| CVE-2026-8202 | MEDIUM | 4.3 | 0.05% | — | 8.0 | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $r… | May 13, 2026 |
| CVE-2026-8202 | MEDIUM | 4.3 | 0.05% | — | 8.2 | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $r… | May 13, 2026 |
| CVE-2026-8200 | LOW | 2.7 | 0.04% | — | 8.0 | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the loc… | May 13, 2026 |
| CVE-2026-8200 | LOW | 2.7 | 0.04% | — | 8.2 | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the loc… | May 13, 2026 |
| CVE-2026-8200 | LOW | 2.7 | 0.04% | — | 8.3 | When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the loc… | May 13, 2026 |
Frequently asked questions
Is MongoDB 8 end of life?
Partially. Some MongoDB 8.x releases have reached EOL. Check the version table above for the exact status of each sub-release.
What CVEs affect MongoDB 8?
There are 18 CVEs tracked for MongoDB 8.x. See the full list above with CVSS and EPSS scores.
What is the latest MongoDB 8 version?
The latest MongoDB 8.x patch release is 8.3.1, released on May 4, 2026. Always run the latest patch to benefit from all security fixes.
When was MongoDB 8 first released?
MongoDB 8.0 was initially released on May 4, 2026. See the full version timeline in the table above.
Is it safe to run MongoDB 8 in production?
MongoDB 8 is still supported and safe for production use until October 31, 2029. Ensure you are running the latest patch version (8.3.1) to have all security fixes applied.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA