Authentication Parameter Logging Vulnerability in MongoDB Server
CVE-2026-9735
6.8MEDIUM
What is CVE-2026-9735?
The MongoDB server has a vulnerability that allows it to log sensitive authentication parameters, including user credentials, to the server logs. This occurs during SASL authentication when connection health metric logging is enabled. The absence of redaction means these credentials can be exposed in the logs, creating a significant risk for unauthorized access. Administrators should review their logging configurations to mitigate the risk of sensitive data exposure.
Affected Version(s)
MongoDB Server 8.3.0 < 8.3.3