CVE-2026-9743
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline, leading to a process crash.
Risk Assessment
This issue allows an authenticated user who can run aggregation pipelines to cause a denial of service by issuing a specially crafted aggregation followed by getMore on affected versions.
Recommendation
It is recommended to update the MongoDB server to the latest version to mitigate this vulnerability and to monitor logs for potential exploitation attempts.
Original NVD description (English source)
In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid address and crashing the process. This issue allows an authenticated user who can run aggregation pipelines to cause a denial of service by issuing a specially crafted aggregation followed by getMore on affected versions.

