CVE-2026-9746EPSS p14.1%

CVE-2026-9746CVE-2026-9746

mongodb / mongodb

Description

When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS0.24% probability of exploitation · percentile 14.1% · 2026-06-18T12:00:27Z
Last modified2026-06-18

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-9753
CVE
CVE-2026-9749
CVE
CVE-2026-4148
CVE
CVE-2026-9750
CVE
CVE-2026-9748
CVE
CVE-2026-9740
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.