Vulnerability intelligence

CVE-2026-9740

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions, where each re-entry resets internal depth tracking.

CVSS Score

8.7

High

EPSS — Exploit Probability

0.3%

Riskier than 18% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

Patch available

Vendor fix published

NVD entry Vendor patch PoC / advisory

1 article across 1 outlet · first covered Jun 17, 2026 · latest Jun 17, 2026

Coverage timeline

MongoDB flaws risk unauthenticated crashes and data corruption
securityonline.info · Jun 17, 2026