CVE-2026-9751

EUVD-2026-35867
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
mongodbCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mongodbmongodb
8.3.0 ≤
𝑥
< 8.3.3
CNA
mongodbmongodb
8.2.0 ≤
𝑥
< 8.2.10
CNA
mongodbmongodb
8.0.0 ≤
𝑥
< 8.0.24
CNA
mongodbmongodb
7.0.0 ≤
𝑥
< 7.0.35
CNA
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://jira.mongodb.org/browse/SERVER-123370