CVEFinder.io

CVE-2026-9751

🔶 medium
🔍 Scan for this CVE
Summary

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.

CVSS Score
5.5
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2026-06-09
First Seen: 2026-06-10
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.5% of all 328,009 vulnerabilities in our database.

#221,257
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 10, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-06-12
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Vector 4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-532

📦 Affected Products 4

Vendor Product Status Affected Versions
mongodb mongodb Affected
> 7.0.0 < 7.0.35
mongodb mongodb Affected
> 8.0.0 < 8.0.24
mongodb mongodb Affected
> 8.2.0 < 8.2.10
mongodb mongodb Affected
> 8.3.0 < 8.3.3

🔗 References 1

https://jira.mongodb.org/browse/SERVER-123370
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-9735 🔶 medium 5.5 0.1 MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. W... 2026-06-09
CVE-2026-9740 ⚠️ high 7.5 0.3 A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by ... 2026-06-09
CVE-2026-9743 🔶 medium 6.5 0.2 In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines... 2026-06-09
CVE-2026-9747 🔶 medium 6.5 0.2 Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. 2026-06-09
CVE-2026-9748 🔶 medium 6.5 0.3 The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index st... 2026-06-09
CVE-2026-9750 🔶 medium 6.5 0.3 An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfe... 2026-06-09
These CVEs affect the same products