CVE-2026-9751
5.5 MEDIUMThe ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-532
Description
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-9735 — MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication (5.5 MEDIUM)
- CVE-2026-45581 — fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)
- CVE-2026-50205 — System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data (8.2 HIGH)
- CVE-2026-45679 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (6.5 MEDIUM)
- CVE-2026-40619 — A high security vulnerability affecting Security Center main server installations has been identified (7.8 HIGH)