PatchSiren cyber security CVE debrief
CVE-2026-9754 MongoDB CVE debrief
CVE-2026-9754 is a vulnerability affecting an unspecified product from an unknown vendor. An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command. The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity.
- Vendor
- MongoDB
- Product
- Unknown
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of the affected product, particularly those with authenticated read roles, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability allows an authenticated user with the read role to read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates as recommended by the vendor.
- Restrict access to sensitive commands and data.
- Monitor system activity for suspicious behavior.
Evidence notes
The CVE record was published on 2026-06-09T23:17:05.023Z and modified on 2026-06-10T19:43:28.857Z. The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity.
Official resources
-
CVE-2026-9754 CVE record
CVE.org
-
CVE-2026-9754 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-9754 was published on 2026-06-09T23:17:05.023Z and modified on 2026-06-10T19:43:28.857Z.