CVE-2026-9753
8.1 HIGHThe $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to re...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 8.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- CWE
- CWE-1287
Description
The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-9742 — When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" ... (7.5 HIGH)
- CVE-2026-11460 — A flaw has been found in Boost Serialization up to 1.91 (7.3 HIGH)
- CVE-2024-6858 — In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL c... (6.5 MEDIUM)
- CVE-2026-49941 — Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses (7.5 HIGH)
- CVE-2026-47675 — Hono is a Web application framework that provides support for any JavaScript runtime (4.3 MEDIUM)