Authentication Parameter Logging Vulnerability in MongoDB Server
CVE-2026-9735

6.8MEDIUM

Key Information:

Vendor

Mongodb

Vendor
CVE Published:
9 June 2026

What is CVE-2026-9735?

The MongoDB server has a vulnerability that allows it to log sensitive authentication parameters, including user credentials, to the server logs. This occurs during SASL authentication when connection health metric logging is enabled. The absence of redaction means these credentials can be exposed in the logs, creating a significant risk for unauthorized access. Administrators should review their logging configurations to mitigate the risk of sensitive data exposure.

Affected Version(s)

MongoDB Server 8.3.0 < 8.3.3

References

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.