PatchSiren cyber security CVE debrief
CVE-2026-9742 MongoDB CVE debrief
CVE-2026-9742 is a high-severity vulnerability with a CVSS score of 8.2. When OIDC authentication is enabled, clients can set specific values in the 'mechanism' parameter of the 'authenticate' command, causing a server crash. This command is accessible to unauthenticated clients, leading to potential pre-auth denial-of-service in affected product configurations. The CVE was published on [2026-06-09](https://www.cve.org/CVERecord?id=CVE-2026-9742) and last modified on [2026-06-10](https://nvd.nist.gov/vuln/detail/CVE-2026-9742).
- Vendor: MongoDB
- Product: MongoDB Server
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Security teams and administrators of systems using OIDC authentication should be aware of this vulnerability and assess their configurations for potential exposure.
Technical summary
The vulnerability allows unauthenticated clients to cause a server crash by manipulating the 'mechanism' parameter in the 'authenticate' command when OIDC authentication is enabled.
Defensive priority
High
Recommended defensive actions
- Review and update configurations to ensure OIDC authentication is properly secured.
- Monitor systems for unusual 'authenticate' command activity.
- Apply patches or mitigations provided by the vendor once available.
Evidence notes
The vendor is currently listed as 'Unknown Vendor', but evidence suggests a potential link to MongoDB.
Official resources
- CVE-2026-9742 CVE record (CVE.org)
- CVE-2026-9742 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-9742 was published on 2026-06-09T23:17:03.727Z and last modified on 2026-06-10T19:43:28.857Z.