216.73.217.50

CVE-2026-9749

· Published 09/06/2026 23:17 · Modified 10/06/2026 19:43

Labels: CVE-2026-9749 2026-06-09CVE-2026-9749CWE-617[email protected]

Essential information

Published
09/06/2026 23:17
Modified
10/06/2026 19:43
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to the same consumer), the server reaches the code path where a full per-consumer buffer is detected but the internal "high watermark" for that key range is not updated as intended.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mongodb / mongodb cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

References