cvedb.io
CVE-2026-9753
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2026-06-09T23:17:04.897 · Last modified 2026-06-18T14:40:06.343

Summary

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.

Affected products

mongodb — mongodb

Does this affect you?

Add your gear to cvedb and we'll alert you only when mongodb ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.