PatchSiren cyber security CVE debrief
CVE-2026-9740 MongoDB CVE debrief
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions, where each re-entry resets internal depth tracking.
- Vendor: MongoDB
- Product: MongoDB Server
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
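Anyone running MongoDB Server should take action: the crash requires no authentication, so a mongod process that accepts messages from untrusted clients can be taken down.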
Technical summary
The vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. It was published on 2026-06-09 and last modified on 2026-06-10.
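The depth-tracking flaw described in the summary, modeled as an added C++ example (not MongoDB's code and not taken from the advisory): a toy bracket grammar stands in for BSON, and two mutually recursive validators either restart the depth counter on re-entry (flawed) or carry it through (one assumed hardening pattern, not the actual patch). `Validator`, `validate`, `nested` and the limit of 8 are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
// Toy grammar, constructed for illustration (NOT BSON):
//   doc := '{' (doc | bin | 'x')* '}'     bin := '[' doc ']'
struct Validator {
    static constexpr int kMaxDepth = 8;  // hypothetical nesting limit
    bool resetOnReentry;                 // true = flawed, false = hardened
    const std::string& in;
    std::size_t pos = 0;
    int frames = 0, peakFrames = 0;      // actual call-stack depth reached
    Validator(bool r, const std::string& s) : resetOnReentry(r), in(s) {}
    bool doc(int depth) {
        if (depth > kMaxDepth) return false;  // the depth guard
        peakFrames = std::max(peakFrames, ++frames);
        bool ok = pos < in.size() && in[pos] == '{';
        if (ok) ++pos;
        while (ok && pos < in.size() && in[pos] != '}') {
            if (in[pos] == '{') ok = doc(depth + 1);
            else if (in[pos] == '[') ok = bin(depth + 1);
            else if (in[pos] == 'x') ++pos;
            else ok = false;
        }
        ok = ok && pos < in.size() && in[pos++] == '}';
        --frames;
        return ok;
    }
    bool bin(int depth) {
        ++pos;  // consume '['
        // Flawed mode restarts the counter at 0 for the embedded document;
        // hardened mode carries the caller's depth through the re-entry.
        bool ok = doc(resetOnReentry ? 0 : depth);
        return ok && pos < in.size() && in[pos++] == ']';
    }
};
struct Result { bool accepted; int peakFrames; };
Result validate(const std::string& input, bool resetOnReentry) {
    Validator v(resetOnReentry, input);
    bool ok = v.doc(0) && v.pos == input.size();
    return {ok, v.peakFrames};
}
// Constructed sample input: n alternating doc/bin layers around an empty doc.
std::string nested(int n) { return n == 0 ? std::string("{}") : "{[" + nested(n - 1) + "]}"; }
int main() {
    Result a = validate(nested(100), true), b = validate(nested(100), false);
    std::cout << "reset-on-reentry: accepted=" << a.accepted << " frames=" << a.peakFrames << "\n"
              << "shared depth:     accepted=" << b.accepted << " frames=" << b.peakFrames << "\n";
}
```

With 100 constructed layers, the flawed mode accepts the input and reaches 101 stack frames despite the limit of 8, while the shared-depth mode rejects it after 9 frames.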
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch or update to the latest version of MongoDB Server.
- Restrict access to the MongoDB Server to only trusted users.
Evidence notes
The CVE record was obtained from the official CVE website (CVE.org). Additional information was obtained from the NVD detail page.
Official resources
- CVE-2026-9740 CVE record (CVE.org)
- CVE-2026-9740 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-9740 was published on 2026-06-09T23:17:03.437Z and last modified on 2026-06-10T19:43:28.857Z.