CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-9740

unknowncovered by 1 sourcefirst seen 2026-06-23
MongoDB has fixed multiple vulnerabilities in MongoDB Server. The vulnerabilities affect various components of MongoDB Server. A vulnerability in the logging mechanisms can lead to full authentication credentials, including sensitive credentials, being logged in server logs without redaction during SASL authentication sessions. Another vulnerability in BSON validation causes a crash of the mongod process due to uncontrolled mutual recursion during the validation of nested binary data, resulting in a denial-of-service.

CSIRTS triage

What
Vulnerabilities in logging and BSON validation can lead to credential exposure and denial of service.
Who is affected
Users of MongoDB Server.
Urgency
Remediation is necessary due to the potential for significant security issues.
Action
Update to the latest version of MongoDB Server.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-9740

Get an email if CVE-2026-9740 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-9740

CVE.org record

Embed the live status

CVE-2026-9740 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-9740 status](https://www.csirts.com/badge/CVE-2026-9740)](https://www.csirts.com/cve/CVE-2026-9740)