CVE Catalog

CVE-2026-9749

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile - higher than 14% of all known CVEs

Summary

The vulnerability occurs when running an aggregation pipeline using the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer, the server does not update the internal 'high watermark' for that key range as intended.

Risk Assessment

The risk associated with this vulnerability involves improper memory management, which could lead to unexpected server behavior and potential performance issues.

Recommendation

It is recommended to monitor aggregation pipelines and update configurations to avoid situations where the exchange buffer is overwhelmed. Additionally, consider updating the software to the latest version to patch this vulnerability.

Original NVD description (English source)

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to the same consumer), the server reaches the code path where a full per-consumer buffer is detected but the internal "high watermark" for that key range is not updated as intended.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS