PatchSiren cyber security CVE debrief
CVE-2026-9747 MongoDB CVE debrief
CVE-2026-9747 is a HIGH severity vulnerability with a CVSS score of 7.1. It is caused by adding 'fromRouter:true' and 'runtimeConstants.userRoles', which could cause aggregations to crash the MongoDB server. The CVE was published on 2026-06-09 and last modified on 2026-06-10.
- Vendor: MongoDB
- Product: MongoDB Server
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of MongoDB Server may be affected by this vulnerability.
Technical summary
The vulnerability is caused by adding 'fromRouter:true' and 'runtimeConstants.userRoles', which could cause aggregations to crash the MongoDB server.
Defensive priority
HIGH
Recommended defensive actions
- Review and apply patches or updates from the vendor.
- Implement compensating controls to mitigate potential impacts.
- Monitor the MongoDB server for unusual activity.
Evidence notes
Vendor and product information is not confirmed. MongoDB may be related based on source evidence.
Official resources
- CVE-2026-9747 CVE record (CVE.org)
- CVE-2026-9747 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-9747 was published on 2026-06-09 and last modified on 2026-06-10.