CVE-2026-9749

HIGH EPSS 18.5%

Published Jun 9, 20262w ago · Modified Jun 18, 20261w ago

7.1 CVSS 4.0

High

Published Jun 9, 2026 2w ago

Last Modified Jun 18, 2026 1w ago

Description

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to the same consumer), the server reaches the code path where a full per-consumer buffer is detected but the internal "high watermark" for that key range is not updated as intended.

CVSS Details

Base Score

7.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

18.5% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-617

Affected Products 4

Vendor	Product	Version	Range
mongodb	mongodb	*	≥7.0.0 – <7.0.35
mongodb	mongodb	*	≥8.0.0 – <8.0.24
mongodb	mongodb	*	≥8.2.0 – <8.2.10
mongodb	mongodb	*	≥8.3.0 – <8.3.3

References 1

jira.mongodb.org https://jira.mongodb.org/browse/SERVER-124031

PatchVendor Advisory

Remediation

jira.mongodb.org https://jira.mongodb.org/browse/SERVER-124031

PatchVendor Advisory