PatchSiren cyber security CVE debrief
CVE-2026-9735 MongoDB CVE debrief
CVE-2026-9735 is a medium severity vulnerability (CVSS Score: 6.8) that affects MongoDB server. The vulnerability may log authentication parameters, including credentials, to the server log during SASL authentication when connection health metric logging is enabled. The full authentication parameters are written to the log without redaction.
- Vendor: MongoDB
- Product: MongoDB Server
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of MongoDB server should be aware of this vulnerability, especially those who have connection health metric logging enabled.
Technical summary
The MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. This occurs when connection health metric logging is enabled, and the full authentication parameters are written to the log without redaction.
Defensive priority
medium
Recommended defensive actions
- Review and update MongoDB server logging configurations to ensure sensitive information is not logged.
- Consider disabling connection health metric logging or implementing log redaction.
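One way to triage and redact existing server logs for the exposure described above, as an added example that is not from this page or from MongoDB. It assumes structured JSON log lines with an `attr` object; the key names in `SENSITIVE_KEYS`, the field layout, and the sample lines are constructed for illustration.

```python
import base64
import json

# Keys treated as secret-bearing. "payload" carries the SASL message in
# saslStart/saslContinue; "pwd" and "password" are assumed extra key names.
SENSITIVE_KEYS = {"payload", "pwd", "password"}
REDACTED = "###"

def _scrub(node, hits, path):
    """Redact sensitive keys in place at any depth, recording each path."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS and value not in (None, "", REDACTED):
                node[key] = REDACTED
                hits.append(here)
            else:
                _scrub(value, hits, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _scrub(item, hits, f"{path}[{i}]")

def redact_line(line):
    """Return (safe_line, hit_paths) for one structured log line."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return line, []  # not structured JSON: leave untouched
    hits = []
    if isinstance(entry, dict):
        _scrub(entry.get("attr"), hits, "attr")
    return (json.dumps(entry, separators=(",", ":")) if hits else line), hits

# Constructed sample input: field layout, id and msg values are assumptions.
SAMPLE_PAYLOAD = base64.b64encode(b"\0appuser\0example-only").decode()
BASE = {"t": {"$date": "2026-06-10T00:00:00.000Z"}, "s": "I", "id": 0, "ctx": "conn1"}
SAMPLE_LINES = [
    json.dumps({**BASE, "c": "ACCESS", "msg": "constructed auth metrics line",
                "attr": {"mechanism": "PLAIN",
                         "params": [{"saslStart": 1, "payload": SAMPLE_PAYLOAD}]}}),
    json.dumps({**BASE, "c": "NETWORK", "msg": "constructed unrelated line",
                "attr": {"remote": "192.0.2.10:50000"}}),
    "plain text line that is not JSON",
]

if __name__ == "__main__":
    for number, raw in enumerate(SAMPLE_LINES, 1):
        safe, found = redact_line(raw)
        print(f"line {number}: {'EXPOSED ' + ', '.join(found) if found else 'clean'}")
        print(safe)
```

Any line reported as exposed means the credential it carried should be treated as disclosed to everyone with log access, including downstream log shippers and archives, and rotated.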
Evidence notes
Vendor and product information is based on limited evidence and may require further verification.
Official resources
- CVE-2026-9735 CVE record (CVE.org)
- CVE-2026-9735 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-9735 was published on 2026-06-09T23:17:03.287Z and modified on 2026-06-10T19:43:28.857Z.