MongoDB Server Aggregation Vulnerability Affecting Various Deployments
CVE-2026-9747
7.1HIGH
What is CVE-2026-9747?
A vulnerability exists in MongoDB Server where the configuration options 'fromRouter:true' and 'runtimeConstants.userRoles' can lead to unexpected behavior that causes the MongoDB server to crash during aggregation operations. This could significantly disrupt database availability and service continuity for affected deployments. IT administrators and developers are urged to review their configurations and ensure they are updated to the latest version to mitigate potential risks.
Affected Version(s)
MongoDB Server 8.3.0 < 8.3.3
MongoDB Server 8.2.0 < 8.2.10
MongoDB Server 8.0.0 < 8.0.24