CVE-2026-9746 Server crashes in case of the use of exchange

🗓️ 09 Jun 2026 22:02:12Reported by mongodbType

CVE-2026-9746: Server crashes when using changestreams and resume token with exchange option; login required.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2026-9746	11 Jun 202612:45	–	circl
CNNVD	MongoDB Server security vulnerabilities	9 Jun 202600:00	–	cnnvd
CVE	CVE-2026-9746	9 Jun 202622:02	–	cve
EUVD	EUVD-2026-35862	10 Jun 202600:31	–	euvd
MongoDB	Server crashes in case of the use of exchange	9 Jun 202622:02	–	mongodb
Tenable Nessus	MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities	12 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-9746	12 Jun 202600:00	–	nessus
NVD	CVE-2026-9746	9 Jun 202623:17	–	nvd
OSV	UBUNTU-CVE-2026-9746	9 Jun 202623:17	–	osv
Positive Technologies	PT-2026-48292	9 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "MongoDB",
    "product": "MongoDB Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.3.0",
        "lessThan": "8.3.3",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.2.0",
        "lessThan": "8.2.10",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.0.0",
        "lessThan": "8.0.24",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.0.0",
        "lessThan": "7.0.35",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-124190

09 Jun 2026 22:02Current

CVSS 3.16.5

CVSS 47.1

EPSS0.00235

CWE-617