CVE Catalog

CVE-2026-9753

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff, potentially leading to memory out-of-bounds or crashing the server.

Risk Assessment

Any authenticated user with access to the aggregate command can exploit this vulnerability, posing a risk of server instability and data loss.

Recommendation

It is recommended to restrict access to the aggregate command to trusted users only and to monitor the usage of the $_internalApplyOplogUpdate stage.

Original NVD description (English source)

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS