PatchSiren cyber security CVE debrief
CVE-2026-9750 MongoDB CVE debrief
CVE-2026-9750 is a HIGH-severity vulnerability (CVSS score: 7.1) affecting MongoDB Server. An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.
- Vendor: MongoDB
- Product: MongoDB Server
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
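Operators and administrators of MongoDB Server deployments should be aware of this vulnerability, particularly where authenticated users are able to create documents, and should take the precautions listed under the recommended defensive actions.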
Technical summary
The vulnerability exists due to insufficient separation between user-controlled document fields and internal metadata in certain execution paths. An authenticated user can create documents that interfere with internal metadata processing during query execution, causing the MongoDB server to crash or return incorrect results.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as they become available.
- Restrict access to the MongoDB server to only trusted users.
- Monitor MongoDB server logs for suspicious activity, such as unexpected server crashes during query execution.
Evidence notes
The CVE record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-9750) and additional details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-9750). A source reference is available at [ref-4](https://jira.mongodb.org/browse/SERVER-123633).
Official resources
- CVE-2026-9750 CVE record (CVE.org)
- CVE-2026-9750 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-9750 was published on 2026-06-09T23:17:04.510Z and modified on 2026-06-10T19:43:28.857Z.