CVE-2026-9740
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions.
Risk Assessment
An attacker can exploit this vulnerability to disrupt the operation of the MongoDB server, potentially leading to service outages and loss of data availability.
Recommendation
It is recommended to update the MongoDB server to the latest version that includes fixes for this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions, where each re-entry resets internal depth tracking.

