CVE Catalog

CVE-2026-9740

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile - higher than 18% of all known CVEs

Summary

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions.

Risk Assessment

An attacker can exploit this vulnerability to disrupt the operation of the MongoDB server, potentially leading to service outages and loss of data availability.

Recommendation

It is recommended to update the MongoDB server to the latest version that includes fixes for this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions, where each re-entry resets internal depth tracking.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS