Server Crash Vulnerability in MongoDB Affecting Users on Exchange Options
CVE-2026-9746
7.1HIGH
What is CVE-2026-9746?
A vulnerability in MongoDB allows an authenticated user to cause the server to crash when using specific commands involving $changestreams and $_requestReshardingResumeToken with the exchange option. This issue arises when the server encounters an invariant failure, leading to an unexpected shutdown. It requires no special privileges beyond being logged in, making it accessible for exploitation by regular users.
Affected Version(s)
MongoDB Server 8.3.0 < 8.3.3
MongoDB Server 8.2.0 < 8.2.10
MongoDB Server 8.0.0 < 8.0.24