Vulnerability intelligence

CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.

CVSS Score

7.1

High

EPSS — Exploit Probability

0.3%

Riskier than 21% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

Patch available

Vendor fix published

NVD entry Vendor patch PoC / advisory

1 article across 1 outlet · first covered Jun 17, 2026 · latest Jun 17, 2026

Coverage timeline

MongoDB flaws risk unauthenticated crashes and data corruption
securityonline.info · Jun 17, 2026