Lucene search
K

3437 matches found

NVD
NVD
added 2026/06/09 11:17 p.m.12 views

CVE-2026-9747

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:17 p.m.11 views

CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS0.00368EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:17 p.m.15 views

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS0.00119EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:17 p.m.21 views

CVE-2026-9740

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS0.00345EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:17 p.m.13 views

CVE-2026-9743

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS0.00307EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:17 p.m.6 views

UBUNTU-CVE-2026-9743

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS5.3AI score0.00307EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.3AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 11:17 p.m.5 views

UBUNTU-CVE-2026-9740

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS5.3AI score0.00345EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9747

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.3AI score0.0027EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:43 p.m.49 views

CVE-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:43 p.m.130 views

CVE-2026-9740

Affected software: MongoDB Server. Vulnerability: BSON validation logic allows unauthenticated users to crash mongod via a specially crafted message. The BSON validator’s handling of certain nested binary data structures enables uncontrolled mutual recursion, where each re-entry resets internal d...

8.7CVSS5.5AI score0.00345EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 10:40 p.m.104 views

CVE-2026-9735

CVE-2026-9735 concerns MongoDB server logging of SASL authentication parameters. The connected documents specify that when connection health metric logging is enabled, full authentication parameters (potentially including credentials) may be written to the server log without redaction. The NVD/NV...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 10:40 p.m.39 views

CVE-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS0.00119EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 10:40 p.m.13 views

Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.5AI score0.00119EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 10:17 p.m.9 views

CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 10:17 p.m.41 views

CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS0.00368EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:17 p.m.33 views

CVE-2026-9750

CVE-2026-9750 affects MongoDB: an authenticated user can cause a server crash or incorrect query results by crafting documents that clash with internal metadata during query execution. The root cause is insufficient separation between user-controlled document fields and internal metadata in certa...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/06/09 10:17 p.m.10 views

Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 10:5 p.m.86 views

CVE-2026-9747

The vulnerability CVE-2026-9747 affects MongoDB Server’s cross-shard merge aggregation. When building aggregations, using fromRouter:true with runtimeConstants.userRoles may cause the server to crash. The connected documentation confirms the issue but provides no details on mitigations; exploitat...

7.1CVSS5.5AI score0.0027EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder