PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9741 MongoDB CVE debrief

CVE-2026-9741 is a HIGH severity vulnerability in MongoDB's query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE). A bug in this process causes literal values for encrypted fields within $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext. This issue was published on [2026-06-09T23:17:03.583Z](cve-org) and last modified on [2026-06-10T19:43:28.857Z](cve-org).

Vendor: MongoDB
Product: MongoDB Server
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-10
Advisory published: 2026-06-09
Advisory updated: 2026-06-10

Who should care

Users of MongoDB's Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) features should be aware of this vulnerability. The CVSS score for this vulnerability is 7.1, indicating a HIGH severity level.

Technical summary

The vulnerability is caused by a bug in the query analysis processing of the $vectorSearch aggregation stage. This bug causes literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.

Defensive priority

HIGH

Recommended defensive actions

  • Review and apply patches or updates provided by MongoDB to address this vulnerability.
  • Implement additional monitoring and logging to detect potential exploitation attempts.
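
One way to make the monitoring item concrete, as an added example that is not MongoDB's code or part of the advisory: given an aggregation pipeline as observed leaving the client or in server logs, rendered as Extended JSON, it reports `$vectorSearch` filter predicates on encrypted fields whose literals are not BSON Binary subtype 6 (the encrypted-value subtype). The field paths in `ENCRYPTED_FIELDS`, the function names and both sample pipelines are assumptions constructed for illustration.

```javascript
// Added example (not MongoDB's code). ENCRYPTED_FIELDS and both sample
// pipelines are constructed; substitute the field paths from your own
// encryptedFieldsMap / schemaMap.
const ENCRYPTED_FIELDS = new Set(["patient.ssn", "billing.cardNumber"]);

// Ciphertext appears in Extended JSON as BSON Binary subtype 6.
function isCiphertext(v) {
  return v !== null && typeof v === "object" && "$binary" in v &&
    parseInt(v.$binary.subType, 16) === 6;
}

// Flatten operator documents ($eq, $in, $not, ...) down to their literals.
function leafValues(v) {
  if (Array.isArray(v)) return v.flatMap(leafValues);
  const isOperatorDoc = v !== null && typeof v === "object" && !("$binary" in v) &&
    Object.keys(v).length > 0 && Object.keys(v).every((k) => k.startsWith("$"));
  return isOperatorDoc ? Object.values(v).flatMap(leafValues) : [v];
}

function walkFilter(filter, stage, findings) {
  for (const [key, value] of Object.entries(filter)) {
    if (["$and", "$or", "$nor"].includes(key)) {
      value.forEach((sub) => walkFilter(sub, stage, findings));
    } else if (ENCRYPTED_FIELDS.has(key)) {
      const plain = leafValues(value).filter((lit) => !isCiphertext(lit));
      // Report field and count only, so the audit log never repeats the literal.
      if (plain.length) findings.push({ stage, field: key, plaintextLiterals: plain.length });
    }
  }
}

function findPlaintextLiterals(pipeline) {
  const findings = [];
  pipeline.forEach((s, i) => {
    const filter = s.$vectorSearch && s.$vectorSearch.filter;
    if (filter) walkFilter(filter, i, findings);
  });
  return findings;
}

// Constructed sample pipelines: one with a plaintext literal, one with ciphertext.
const base = { index: "vec_idx", path: "embedding", queryVector: [0.1, 0.2], numCandidates: 50, limit: 5 };
const leakyPipeline = [{ $vectorSearch: { ...base, filter: { $and: [
  { "patient.ssn": { $eq: "000-00-0000" } }, { status: "active" }] } } }];
const encryptedPipeline = [{ $vectorSearch: { ...base, filter: { $and: [
  { "patient.ssn": { $eq: { $binary: { base64: "AAAA", subType: "06" } } } }, { status: "active" }] } } }];

console.log(findPlaintextLiterals(leakyPipeline));
console.log(findPlaintextLiterals(encryptedPipeline));
```

Predicates on unencrypted fields such as `status` are ignored, so a finding always points at a field that should never carry a readable literal.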

Evidence notes

The [CVE-2026-9741 CVE record](cve-org) and [CVE-2026-9741 NVD detail](nvd) provide further information about this vulnerability. A [Source reference](ref-4) is also available.

Official resources

CVE-2026-9741 was published on [2026-06-09T23:17:03.583Z](cve-org) and last modified on [2026-06-10T19:43:28.857Z](cve-org).