Denial of Service Vulnerability in MongoDB OIDC Authentication
CVE-2026-9742
8.2HIGH
What is CVE-2026-9742?
A vulnerability exists in the MongoDB Server when OIDC authentication is enabled. Clients can specify values in the 'mechanism' parameter of the 'authenticate' command, which is available to unauthenticated clients. This misconfiguration can lead to server crashes, resulting in pre-authentication denial-of-service conditions, ultimately affecting the availability of the affected product configurations.
Affected Version(s)
MongoDB Server 8.3.0 < 8.3.3
MongoDB Server 8.2.0 < 8.2.10