CVE-2026-9752
Analyzed Analyzed - Analysis Complete

MongoDB Server Crash via GeometryCollection with Strict-Winding Polygon

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: MongoDB, Inc.

Description
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-18
Generated
2026-06-30
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-28
NVD
CVE-2026-9752
EUVD
EUVD-2026-35851

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
mongodb mongodb From 8.0.0 (inc) to 8.0.24 (exc)
mongodb mongodb From 8.2.0 (inc) to 8.2.10 (exc)
mongodb mongodb From 8.3.0 (inc) to 8.3.3 (exc)
mongodb mongodb From 7.0.0 (inc) to 7.0.35 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when an authorized user runs a query using a 2dsphere index on a field that contains a GeoJSON GeometryCollection with a Polygon that has a strict-winding Coordinate Reference System (CRS).

Strict-winding polygons are not supported for indexing, but the system's check that rejects these polygons does not examine the individual members inside a GeometryCollection. This oversight allows the unsafe code path to be executed, which ultimately leads to a null-pointer dereference and causes the server to crash.

Impact Analysis

The primary impact of this vulnerability is that an authorized user can cause the server to crash by exploiting the issue with the 2dsphere index and strict-winding polygons inside a GeometryCollection.

This can lead to denial of service (DoS), disrupting availability of the database service and potentially affecting applications relying on it.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9752. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart