Vulnerability in MongoDB Server's BSON Validation Logic
CVE-2026-9740
8.7HIGH
What is CVE-2026-9740?
A vulnerability exists in MongoDB Server's BSON validation logic, which can be exploited by an unauthenticated user. By sending a specially crafted BSON message, an attacker can induce the mongod process to crash. This issue arises from the validator's mishandling of certain nested binary data structures, leading to uncontrolled mutual recursion among validation functions. Each re-entry into the validation process resets internal depth tracking, causing the server to become susceptible to crash scenarios.
Affected Version(s)
MongoDB Server 8.3.0 < 8.3.3
MongoDB Server 8.2.0 < 8.2.10
MongoDB Server 8.0.0 < 8.0.24