CVE-2026-9746
6.5 MEDIUMWhen using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the serve...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-617
Description
When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46543 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.3 MEDIUM)
- CVE-2026-46542 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (4.3 MEDIUM)
- CVE-2026-9750 — An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal ... (6.5 MEDIUM)
- CVE-2026-9749 — This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning a... (6.5 MEDIUM)
- CVE-2026-9748 — The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion fa... (6.5 MEDIUM)