CVE Catalog

CVE-2026-9750

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.

Risk Assessment

The organization may experience downtime of the MongoDB server and incorrect query results, potentially leading to data loss or incorrect business decisions.

Recommendation

It is recommended to review and improve the separation mechanisms of metadata and document fields in MongoDB to minimize the risk of crashes and incorrect results.

Original NVD description (English source)

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS