CVE-2026-9753 Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

🗓️ 09 Jun 2026 22:30:57Reported by mongodbType

CVE-2026-9753: Authenticated users crash server via malformed binary diff in $_internalApplyOplogUpdate.

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2026-9753	10 Jun 202600:00	–	circl
CNNVD	MongoDB Server 安全漏洞	9 Jun 202600:00	–	cnnvd
CVE	CVE-2026-9753	9 Jun 202622:30	–	cve
EUVD	EUVD-2026-35852	10 Jun 202600:31	–	euvd
MongoDB	Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.	9 Jun 202622:30	–	mongodb
Tenable Nessus	MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities	12 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-9753	12 Jun 202600:00	–	nessus
NCSC	Vulnerabilities in MongoDB Server	23 Jun 202609:52	–	ncsc
NVD	CVE-2026-9753	9 Jun 202623:17	–	nvd
OSV	BIT-MONGODB-2026-9753 Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.	22 Jun 202605:47	–	osv

[
  {
    "vendor": "MongoDB",
    "product": "MongoDB Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.3.0",
        "lessThan": "8.3.3",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "8.2.0",
        "lessThan": "8.2.10",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "8.0.0",
        "lessThan": "8.0.24",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "7.0.0",
        "lessThan": "7.0.35",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-124959

09 Jun 2026 22:35Current

CVSS 47.2

CVSS 3.18.1

EPSS0.00298

CWE-1287