CVE-2026-9750
Received Received - Intake
MongoDB Server Crash via Metadata Interference

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MongoDB, Inc.

Description
An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-10
EPSS Evaluated
N/A
NVD
CVE-2026-9750
EUVD
EUVD-2026-35866
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mongodb mongodb *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability allows an authenticated user to cause a MongoDB server to crash or return incorrect results. It happens because the user can create documents that interfere with the server's internal metadata processing during query execution. The root cause is insufficient separation between user-controlled document fields and internal metadata in certain execution paths.

Impact Analysis

The impact of this vulnerability includes the potential for denial of service by crashing the MongoDB server and the risk of receiving incorrect query results. This can disrupt application availability and data integrity, potentially leading to operational issues.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9750. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart