Uninitialized Memory Exposure in MongoDB for Authenticated Users
CVE-2026-9754
7.1HIGH
What is CVE-2026-9754?
An issue has been identified in MongoDB that allows an authenticated user with the read role to potentially access uninitialized portions of stack memory through crafted invocations of the 'filemd5' command. This could lead to unauthorized information disclosure, exposing sensitive data inadvertently stored in memory. Users should be aware of this vulnerability and apply necessary safeguards when using affected versions of MongoDB.
Affected Version(s)
MongoDB 8.3.0 < 8.3.3
MongoDB 8.2.0 < 8.2.10