CVE Catalog

CVE-2026-9751

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

The ldapQueryPassword parameter, when set through the runtime setParameter command, logs the new password to the mongod.log file in plain text.

Risk Assessment

Logging the password in plain text can lead to unauthorized access to the system if the logs are compromised by third parties.

Recommendation

It is recommended to avoid logging passwords in plain text and to review and secure log files against unauthorized access.

Original NVD description (English source)

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS