Keyfile contents are in MongoDB Server logs
CVE-2026-9735

6.8MEDIUM

Key Information:

Vendor: Mongodb
Status: Mongodb Server
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-9735?

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

Affected Version(s)

MongoDB Server 8.3.0 < 8.3.3

References

https://jira.mongodb.org/browse/SERVER-126506

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 27, 2026

CVE-2026-9735 Data

JSON

Mongodb

What is CVE-2026-9735?

Affected Version(s)

References

CVSS V4

Timeline