CVE Catalog

CVE-2026-9735

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

The MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

Risk Assessment

Logging credentials in logs can lead to unauthorized access to the system if logs are not properly secured. This poses a risk of sensitive information leakage.

Recommendation

It is recommended to disable connection health metric logging or implement log redaction mechanisms to protect authentication data from unauthorized access.

Original NVD description (English source)

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS