CVE-2026-9749 Using MaxKey() may crash the server

🗓️ 09 Jun 2026 22:10:45Reported by mongodbType

MaxKey() may crash the server in aggregations using internal exchange with key-range partitioning when buffers fill.

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2026-9749	11 Jun 202612:45	–	circl
CNNVD	MongoDB Server 安全漏洞	9 Jun 202600:00	–	cnnvd
CVE	CVE-2026-9749	9 Jun 202622:10	–	cve
EUVD	EUVD-2026-35865	10 Jun 202600:31	–	euvd
MongoDB	Using MaxKey() may crash the server	9 Jun 202622:10	–	mongodb
Tenable Nessus	MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities	12 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-9749	12 Jun 202600:00	–	nessus
NCSC	Vulnerabilities in MongoDB Server	23 Jun 202609:52	–	ncsc
NVD	CVE-2026-9749	9 Jun 202623:17	–	nvd
OSV	BIT-MONGODB-2026-9749 Using MaxKey() may crash the server	22 Jun 202605:47	–	osv

[
  {
    "vendor": "MongoDB",
    "product": "MongoDB Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.3.0",
        "lessThan": "8.3.3",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "8.2.0",
        "lessThan": "8.2.10",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "8.0.0",
        "lessThan": "8.0.24",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "7.0.0",
        "lessThan": "7.0.35",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-124031

09 Jun 2026 22:10Current

CVSS 3.16.5

CVSS 47.1

EPSS0.0027

CWE-617