{"id":"CVE-2021-20326","details":"A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.","aliases":["BIT-mongodb-2021-20326"],"modified":"2026-04-12T01:00:40.892269Z","published":"2021-04-30T09:15:07.597Z","references":[{"type":"FIX","url":"https://jira.mongodb.org/browse/SERVER-53929"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"563487e100c4215e2dce98d0af2a6a5a2d67c5cf"},{"fixed":"8db30a63db1a9d84bdcad0c83369623f708e0397"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"4.4.0"},{"fixed":"4.4.4"}],"cpe":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"}}],"versions":["r4.4.0","r4.4.1","r4.4.1-rc0","r4.4.1-rc1","r4.4.1-rc2","r4.4.1-rc3","r4.4.2","r4.4.2-rc0","r4.4.2-rc1","r4.4.3","r4.4.3-rc0","r4.4.4-rc0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20326.json","vanir_signatures_modified":"2026-04-12T01:00:40Z","vanir_signatures":[{"digest":{"length":2550,"function_hash":"312061597696311919524554252975438333598"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/history/hs_rec.c","function":"__hs_insert_record_with_btree"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-0d34cbd9","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["315479470304875803857279499481317415466","115074007093651304057338670897229816033","81088078571566113974872011295039569048","163719630010476410224163807323392389088","151800375046913805578439133327232677991","147916589248574302075107535560730340171","117346314762798772300369996480860128668","96667862175953330669788198818703733214","31861688250327554457184359058275827300","322830309178507761502830321026933930569","141514632105719770332976982430238634969","227245241326210015826541510000313217588"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/history/hs_rec.c"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-28a41848","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":1502,"function_hash":"179664096202965806853237996690119030007"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/btree/bt_delete.c","function":"__wt_delete_page"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-39b74638","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["138970544057262200959444881653869741331","187909513624452395666510805886000342116","332915061079976617828957091818520465939","152337207688994054221674645750335058860","96070241661075151565895959079318498045","136593963202842362832181053530154964404","200371952454749138464246355702219114882"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/txn/txn_rollback_to_stable.c"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-3ab1f0f5","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":1166,"function_hash":"101530883577087616889885689055293599236"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_row_modify_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-3db80e8c","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["24701463899445119827634489398996051742","304094680702975722410480205488238885384","194589117532435740034042506883303217557","192910071358891002320103969641725374327","131231060101700894783456763197249110800","55898006032207701712329766289012282337","88294623296414776839881340541889064009"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/btree/bt_delete.c"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-507a76f0","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":469,"function_hash":"28142851885348203688437986540437414371"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/utilities/util_printlog.c","function":"usage"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-51ba2427","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":923,"function_hash":"56219681019010975424565528599037219726"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_col_modify_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-531aac2d","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":807,"function_hash":"238188101377323415387870023876212643368"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_row_remove_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-5749222a","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["51971341632719725737893090286192753137","11520671335684621015650242251536858852","83857547804234728949268135854806866204","40576386018691709425745653383202193802","152763773098029596863076040410468020719","308140493507203013767260796725830931551","319029925925606118610921645766422401766","1005737235791412550886571674514390153","156629878222971654597889431989402402283","119411159309351880102934923009092888920","171054357696884931772977634256658143372","19315419680561823141429251794247504827","44142400384351817767854722906780066576","249752665197158575962675877038147372652"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/utilities/util_printlog.c"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-580f0383","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["338961330669086847569163064217984323797","37230695511955632588858540104277548322","149058545345931702623309619666345246873","181149687476419183920514207551575935818","43735254131414233589030253864269446137","231672750229703181633426065576577677379","181582851262814534399121161527292356731","159191508916512466407433085099881791904","168828278532957198323434763750795496424","219264686165503751261747051350786471626","217574972431283616883367743644089331533","91354351096526020193950339048393117736","275051895190075552734790724932506436527"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/config/config_api.c"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-5f171963","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["329874848549799215422459541824778853943","64705157096717960345550978859321982091","285516975718910065569156021717849204592","58394280656653656988619719564536133376"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/include/extern.h"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-63bb6d10","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":7765,"function_hash":"53639146817845271418803214831383828695"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/history/hs_rec.c","function":"__wt_hs_insert_updates"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-76dd31b6","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":5620,"function_hash":"149345552815072196531220084377621911604"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/txn/txn_rollback_to_stable.c","function":"__rollback_row_ondisk_fixup_key"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-992e5b91","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":920,"function_hash":"282296241344152955822297129780911726963"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_col_put_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-a7140650","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":1281,"function_hash":"146572380778874493214812414164713111845"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_row_truncate_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-ab2d70d1","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["55121239041693819156264571982404821608","42453745950279708792487054518915031661","221007301096082015572548815235842988346","13217189362746076158305379304149021605","293963183254329886748648429600032059834","52822790134166849039392184999748202090","47407725776359873868446945817128141067","212470347247612693129785925304845668987","223474116787789627375571040617029073075","313979417912792571152439701423326932270","280747335690823798848435572364198692013","209273229228154474464049478342547698527","219764935157860454431738320767344552561","244816100132780759669298532239032651340","287638392801360326812437002699760212759","43524769104093773916289913860049663888","120493722251707293091806791679323363986","217522873036491193486761051157747143730","122054461482838984810251528878480736469","94020698291820007080170047201826728342","293962867560020629876433521066529969604","32739148659113728538038310671173116820","143148080412295302342836222299401685223","305098912015752803424000346339264886567"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-b70c2b1e","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["260345024583571938408566966712790441199","268201060900024256826012938120618365693","18413994154114136159217769986650778448","159220887626108065644950460999585929260","145954510333986809221845935215986013123","299370189277963037667062669899220468926","197105242318780641455721496330041190803","165375073332500804077084710538952111906","252500965442863385091305899784262600703","65414597209922801780128992333687744253"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/test/cppsuite/test_harness/test_harness.h"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-ba8d8245","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":1227,"function_hash":"283311536349146192604530693923165497871"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/config/config_api.c","function":"wiredtiger_config_validate"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-c7d71b50","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":1163,"function_hash":"230459644819469586504559701340320387094"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_row_put_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-dc6b0114","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":488,"function_hash":"15800523768992280293873983681930800411"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_col_remove_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-e51e8769","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":1135,"function_hash":"43788586738306872749374027165996980599"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/utilities/util_printlog.c","function":"util_printlog"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-e5b8b5f3","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":601,"function_hash":"293521159960001001042466863762559145387"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/src/log/log_auto.c","function":"__wt_logop_col_truncate_print"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-eee02efd","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"threshold":0.9,"line_hashes":["58372366763407597517269123703409793784","65343895210296720673664115797318862875","325362668191010663391817634610596532532","327308742225859197985611881567609579741","262167224407373225018623729032506910242","301456180702826207607879616238970106820","246098507825277471751197830155025231227","69362860152038969198732459414236739428","49935024467511465160302405904417106849","180342068568822164840753593556734322723","279746165308449814521565396170516275584","167742978894937753683078770115408265553"]},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/test/cppsuite/tests/poc.cxx"},"deprecated":false,"signature_type":"Line","id":"CVE-2021-20326-f289176e","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"},{"digest":{"length":86,"function_hash":"86303072903330300563159924547894214493"},"signature_version":"v1","target":{"file":"src/third_party/wiredtiger/test/cppsuite/tests/poc.cxx","function":"main"},"deprecated":false,"signature_type":"Function","id":"CVE-2021-20326-fb686049","source":"https://github.com/mongodb/mongo/commit/8db30a63db1a9d84bdcad0c83369623f708e0397"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}