CVE-2026-9735
5.5 MEDIUM
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS: 5.5 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-532
Description
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-9751 — The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p... (5.5 MEDIUM)
- CVE-2026-45581 — fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)
- CVE-2026-50205 — System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data (8.2 HIGH)
- CVE-2026-45679 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (6.5 MEDIUM)
- CVE-2026-40619 — A high security vulnerability affecting Security Center main server installations has been identified (7.8 HIGH)