CVE-2026-9752


mongodb / mongodb

Description

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect the members of a GeometryCollection, so the unsafe path can be reached, and it ends in a null-pointer dereference.

Scoring

CVSS: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.24% probability of exploitation · percentile 14.8% · 2026-06-19T12:03:05Z
Last modified: 2026-06-18

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-9750
CVE-2025-57052
CVE-2026-9746
CVE-2025-49848
CVE-2026-9741
CVE-2026-9747
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.