PatchSiren cyber security CVE debrief
CVE-2026-9749 MongoDB CVE debrief
CVE-2026-9749 is a HIGH severity vulnerability with a CVSS score of 7.1. The issue occurs when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, the server reaches the code path where a full per-consumer buffer is detected but the internal 'high watermark' for that key range is not updated as intended. The CVE was published on 2026-06-09 and modified on 2026-06-10.
- Vendor: MongoDB
- Product: MongoDB Server
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of MongoDB products should review their configurations and ensure that they are not running aggregation pipelines that could trigger this issue.
Technical summary
The vulnerability is related to the handling of aggregation pipelines in MongoDB. Specifically, it occurs when the internal $exchange stage is configured with key-range partitioning and order-preserving delivery. If a single key range produces a large number of documents, it can fill its exchange buffer, causing the server to detect a full per-consumer buffer without updating the internal 'high watermark' for that key range.
Defensive priority
HIGH
Recommended defensive actions
- Review and update aggregation pipeline configurations to prevent triggering this issue.
- Monitor MongoDB product logs for signs of this vulnerability being exploited.
Evidence notes
The vendor is listed as Unknown Vendor, but evidence suggests a connection to MongoDB.
Official resources
- CVE-2026-9749 CVE record (CVE.org)
- CVE-2026-9749 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-9749 was published on 2026-06-09T23:17:04.380Z and modified on 2026-06-10T19:43:28.857Z.