CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0209 [1.00] [M/H] Vulnerabilities fixed in MongoDB Server

unknownCVE-2026-9735CVE-2026-9740CVE-2026-9741CVE-2026-9742CVE-2026-9743CVE-2026-9746
MongoDB has fixed multiple vulnerabilities in MongoDB Server. The vulnerabilities affect various components of MongoDB Server. A vulnerability in the logging mechanisms can lead to full authentication credentials, including sensitive credentials, being logged in server logs without redaction during SASL authentication sessions. Another vulnerability in BSON validation causes a crash of the mongod process due to uncontrolled mutual recursion during the validation of nested binary data, resulting in a denial-of-service.

CSIRTS triage

What
Vulnerabilities in logging and BSON validation can lead to credential exposure and denial of service.
Who is affected
Users of MongoDB Server.
Urgency
Remediation is necessary due to the potential for significant security issues.
Action
Update to the latest version of MongoDB Server.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch MongoDB Server

Get an email when a new MongoDB Server advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-06-23
Exploitation
Not in CISA KEV at last sync
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0209

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-9735coverage & exploitation statusNVD · CVE.org
CVE-2026-9740coverage & exploitation statusNVD · CVE.org
CVE-2026-9741coverage & exploitation statusNVD · CVE.org
CVE-2026-9742coverage & exploitation statusNVD · CVE.org
CVE-2026-9743coverage & exploitation statusNVD · CVE.org
CVE-2026-9746coverage & exploitation statusNVD · CVE.org
CVE-2026-9747coverage & exploitation statusNVD · CVE.org
CVE-2026-9748coverage & exploitation statusNVD · CVE.org
CVE-2026-9749coverage & exploitation statusNVD · CVE.org
CVE-2026-9750coverage & exploitation statusNVD · CVE.org
CVE-2026-9751coverage & exploitation statusNVD · CVE.org
CVE-2026-9752coverage & exploitation statusNVD · CVE.org
CVE-2026-9753coverage & exploitation statusNVD · CVE.org
CVE-2026-9754coverage & exploitation statusNVD · CVE.org

Recent advisories for MongoDB Server

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from NCSC-NL Advisories