Denial of Service Vulnerability in MongoDB OIDC Authentication
CVE-2026-9742

8.2HIGH

Key Information:

Vendor

Mongodb

Vendor
CVE Published:
9 June 2026

What is CVE-2026-9742?

A vulnerability exists in the MongoDB Server when OIDC authentication is enabled. Clients can specify values in the 'mechanism' parameter of the 'authenticate' command, which is available to unauthenticated clients. This misconfiguration can lead to server crashes, resulting in pre-authentication denial-of-service conditions, ultimately affecting the availability of the affected product configurations.

Affected Version(s)

MongoDB Server 8.3.0 < 8.3.3

MongoDB Server 8.2.0 < 8.2.10

References

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.