NCSC-2026-0209 [1.00] [M/H] Vulnerabilities fixed in MongoDB Server
MongoDB has fixed multiple vulnerabilities in MongoDB Server. The vulnerabilities affect various components of MongoDB Server. A vulnerability in the logging mechanisms can lead to full authentication credentials, including sensitive credentials, being logged in server logs without redaction during SASL authentication sessions. Another vulnerability in BSON validation causes a crash of the mongod process due to uncontrolled mutual recursion during the validation of nested binary data, resulting in a denial-of-service.
CSIRTS triage
- What
- Vulnerabilities in logging and BSON validation can lead to credential exposure and denial of service.
- Who is affected
- Users of MongoDB Server.
- Urgency
- Remediation is necessary due to the potential for significant security issues.
- Action
- Update to the latest version of MongoDB Server.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch MongoDB Server
Get an email when a new MongoDB Server advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0209
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-97350.12% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all scored CVEs.
- Low exploitation riskCVE-2026-97400.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-97410.10% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 1% of all scored CVEs.
- Low exploitation riskCVE-2026-97420.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-97430.31% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 22% of all scored CVEs.
- Low exploitation riskCVE-2026-97460.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
- Low exploitation riskCVE-2026-97470.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
- Low exploitation riskCVE-2026-97480.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Low exploitation riskCVE-2026-97490.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
- Low exploitation riskCVE-2026-97500.37% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 29% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-9735 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9740 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9741 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9742 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9743 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9746 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9747 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9748 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9749 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9750 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9751 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9752 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9753 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9754 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for MongoDB Server
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- lowCVE-2026-34049: Coolify is an open-source and self-hostable tool for managing servers, applications, and datab…nvd · 2026-07-06
- criticalexploitedCVE-2025-14847: MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerabilitycisa-kev · 2025-12-29
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03