BIT-mongodb-2026-9742

Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-9742.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2026-9742
Aliases
  • CVE-2026-9742
Published
2026-06-22T05:47:15.274Z
Modified
2026-06-22T08:45:05.702853443Z
Summary
Authenticate command with specific mechanism parameter can trigger server crash
Details

When OIDC authentication is enabled in the configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that cause the server to crash. Because the authenticate command is accessible to unauthenticated clients, this results in a pre-authentication denial of service in affected product configurations.

Database specific
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:-:*:*:*"
    ]
}
References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected ranges

Type
SEMVER
Events
Introduced
8.2.0
Fixed
8.2.10
Introduced
8.3.0
Fixed
8.3.3

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2026-9742.json"