This vulnerability in MongoDB Server involves the internal $exchange stage used in aggregation pipelines configured with key-range partitioning and order-preserving delivery. When a single key range generates enough documents to fill its exchange buffer, the server executes a code path where a full per-consumer buffer is detected but the internal 'high watermark' for that key range is not updated correctly. This leads to a reachable assertion (CWE-617), potentially causing server instability or crashes. The issue affects MongoDB Server versions 7.0.0, 8.0.0, 8.2.0, and 8.3.0. No official remediation or patch has been published yet, and no known exploits are reported in the wild.

The vulnerability can cause the MongoDB Server to hit a reachable assertion condition during aggregation pipeline execution, potentially leading to server crashes or denial of service. The impact is high due to the possibility of service disruption. There is no indication of data breach or privilege escalation from the provided information.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is documented, users should monitor MongoDB vendor communications for updates. Until a patch is available, avoid running aggregation pipelines that use the internal $exchange stage with key-range partitioning and order-preserving delivery on affected versions if possible.