CVE-2026-9741

Source
https://cve.org/CVERecord?id=CVE-2026-9741
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9741.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9741
Aliases
Downstream
Published
2026-06-09T21:56:01.111Z
Modified
2026-07-15T15:52:59.782876Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Client side encryption fails to encrypt values in a $vectorSearch
Details

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.

Database specific
{
    "cna_assigner": "mongodb",
    "cwe_ids": [
        "CWE-319"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "8.3.0"
                },
                {
                    "fixed": "8.3.3"
                },
                {
                    "introduced": "8.2.0"
                },
                {
                    "fixed": "8.2.10"
                },
                {
                    "introduced": "8.0.0"
                },
                {
                    "fixed": "8.0.24"
                },
                {
                    "introduced": "7.0.0"
                },
                {
                    "fixed": "7.0.35"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9741.json"
}
References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.35"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.0.24"
        },
        {
            "introduced": "8.2.0"
        },
        {
            "fixed": "8.2.10"
        },
        {
            "introduced": "8.3.0"
        },
        {
            "fixed": "8.3.3"
        }
    ]
}

Affected versions

r7.*
r7.0.0
r7.0.1
r7.0.1-rc0
r7.0.10
r7.0.10-rc0
r7.0.11
r7.0.11-rc0
r7.0.11-rc1
r7.0.11-rc2
r7.0.12
r7.0.12-rc0
r7.0.12-rc1
r7.0.13
r7.0.13-rc0
r7.0.13-rc1
r7.0.14
r7.0.14-rc0
r7.0.15
r7.0.15-rc0
r7.0.15-rc1
r7.0.16
r7.0.16-rc0
r7.0.16-rc1
r7.0.17
r7.0.18
r7.0.2
r7.0.2-rc0
r7.0.2-rc1
r7.0.2-rc2
r7.0.21
r7.0.21-alpha0
r7.0.21-rc0
r7.0.22
r7.0.22-rc0
r7.0.23
r7.0.23-rc0
r7.0.23-rc1
r7.0.24
r7.0.24-rc0
r7.0.25-alpha0
r7.0.26
r7.0.26-rc0
r7.0.27
r7.0.27-alpha0
r7.0.27-rc0
r7.0.3
r7.0.3-rc0
r7.0.3-rc1
r7.0.4
r7.0.4-rc0
r7.0.5
r7.0.5-rc0
r7.0.6
r7.0.6-rc0
r7.0.7
r7.0.7-rc0
r7.0.7-rc1
r7.0.7-rc2
r7.0.8
r7.0.8-rc0
r7.0.9
r7.0.9-rc0
r7.0.9-rc1
r8.*
r8.0.0
r8.0.1
r8.0.1-rc0
r8.0.10
r8.0.10-rc0
r8.0.12
r8.0.12-rc0
r8.0.13
r8.0.13-rc0
r8.0.13-rc1
r8.0.13-rc2
r8.0.14
r8.0.14-rc0
r8.0.14-rc1
r8.0.16
r8.0.16-rc0
r8.0.16-rc1
r8.0.17-alpha0
r8.0.2
r8.0.3
r8.0.4
r8.0.4-rc0
r8.0.5
r8.0.5-rc0
r8.0.5-rc1
r8.0.5-rc2
r8.0.6
r8.2.0
r8.2.1
r8.2.1-rc0
r8.2.1-rc1
r8.2.2
r8.2.2-rc0
r8.2.3-alpha0
r8.2.4-alpha0
r8.2.4-alpha1
r8.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9741.json"
vanir_signatures
[
    {
        "id": "CVE-2026-9741-1720b4a5",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "328502844643021291939386328423142806983",
                "85739572630903537909444397421191965062",
                "220106585106022402331435815346987584900",
                "209454881083987832169278606524251629464",
                "236513909239447700438713678376380667808"
            ]
        },
        "target": {
            "file": "src/mongo/db/query/write_ops/write_ops_exec_test.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-177973cb",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "function_hash": "166907568856978077527464439951043576997",
            "length": 803.0
        },
        "target": {
            "function": "validateRequestForAPIVersion",
            "file": "src/mongo/db/pipeline/aggregation_request_helper.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-1c4c4408",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "function_hash": "80993861282303540082374336386478101984",
            "length": 2466.0
        },
        "target": {
            "function": "TEST_F",
            "file": "src/mongo/db/query/write_ops/write_ops_exec_test.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-37a42e90",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/ef9b301aabaadf6850a065ac7fcd6b327be8c3c2",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "174998403124653740785832338368523143456",
                "195597813628417826792599755283872434533",
                "35121533934985493290280581719442999597",
                "250189946382220132725671125359187123104",
                "335422712820504450491531006393880496577",
                "20005679044720583151091149993640543000",
                "275057660019837301573080575671581138841",
                "118703497020578914518273191703017441490",
                "7783128965371646123963090736034524757",
                "97370122612351530264443556156513731532",
                "73781963797617986215115702098958022004",
                "273958897543711387616670573192535233890",
                "19835129639943419341267922366511847573"
            ]
        },
        "target": {
            "file": "src/mongo/util/net/openssl_init.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-3818d52e",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2",
        "deprecated": false,
        "digest": {
            "function_hash": "33576969391667528712105414855855095210",
            "length": 1759.0
        },
        "target": {
            "function": "_speculateSaslStart",
            "file": "src/mongo/client/authenticate.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-60a52bfd",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "139003973651184330825232460885165143342",
                "326327286876524191664573910910733841197",
                "201010144386666100831709597301329867408",
                "238172519026952072388623448764090946616",
                "150530340747984040105585632915270331658",
                "261001565073159049059253410734251117508",
                "301554335781787585942024321791597726223",
                "68687955472087118704060565545473008431",
                "189907234794602120716515394122932582079",
                "109319411453406127717474571158384123372"
            ]
        },
        "target": {
            "file": "src/mongo/db/pipeline/variables.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-71b2e2de",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201630955409724750278170577941240966804",
                "143314775941851585133796736215278774546",
                "83793512496032093979220562351551591094",
                "45450630048429459114369538718073463549",
                "31272677362475748439578075055985933301",
                "41202910159203610737232058278783453941",
                "335034453997521887169494091237162080241",
                "91747350517002491231927320071107484682",
                "315547871431241435455883696545867605802"
            ]
        },
        "target": {
            "file": "src/mongo/db/query/write_ops/write_ops.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-78addba3",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "function_hash": "215007885188677139124391370534346903790",
            "length": 1368.0
        },
        "target": {
            "function": "Variables::transitionalExtractRuntimeConstants",
            "file": "src/mongo/db/pipeline/variables.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-7cd175d0",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "function_hash": "314763807676857937631086388324992689162",
            "length": 992.0
        },
        "target": {
            "function": "estimateRuntimeConstantsSize",
            "file": "src/mongo/db/query/write_ops/write_ops.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-80a3d3f5",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "105051277585384029869713401387324710299",
                "135010353328424632509818700676883262741",
                "230022231509017531526336883388413859957",
                "21785236440502061071534570285577718704",
                "314611412092879437439966455802374359968",
                "4328176094298166889601989525363512001",
                "89833129311893956686513176585485383462",
                "67104821923433815313850425352519867386",
                "66993897057338546953195861906592522514",
                "41622748248584985132494531963597557744",
                "242973420897860388216828233337695113596",
                "336731002354755517834207641772257008949",
                "64002474223761432976487321914411588332",
                "261309617626622354563994167105861925016",
                "229808833034910568928737793619657257065",
                "327973055814987959560058864332639589393",
                "331230983148226970461307129171652554653",
                "194280706403459704585085037893015299868",
                "132169427929260727166827845414640998831",
                "263821533391834434161668531794875587617",
                "231008637408865177850436966867033654335",
                "131209670928832011957508828184726650364",
                "64002474223761432976487321914411588332",
                "261309617626622354563994167105861925016",
                "152599178162463674149335674778053474470",
                "82317842280543420915626715536098646954",
                "89485288152782603664608867313022701634",
                "201049280170827963568948467383659578170",
                "186915239712986481660363218458077044420",
                "81595865256585900407563580384512090789",
                "89485288152782603664608867313022701634",
                "201049280170827963568948467383659578170"
            ]
        },
        "target": {
            "file": "src/mongo/client/authenticate.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-815d545c",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "199277108881247090008089064970489480756",
                "262659735080644839981408736376524170838",
                "184199251189374183021798221865414612859",
                "189687695048587286787935123825246628451"
            ]
        },
        "target": {
            "file": "src/mongo/db/pipeline/aggregation_request_helper.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-99e1e8a5",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2",
        "deprecated": false,
        "digest": {
            "function_hash": "20399944836295365806244165546970965254",
            "length": 2313.0
        },
        "target": {
            "function": "saslClientAuthenticateImpl",
            "file": "src/mongo/client/sasl_client_authenticate_impl.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-bae78291",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "119297248915920219031821473937269301824",
                "192950127050229143070957758609674490481",
                "299256134244687864194021167969650322418",
                "78705388978130039955877200458257143577",
                "321869386180767067962050016171660673429",
                "92304406178298145235033043329826640960",
                "203486625542267065639036914103785025824",
                "101091632339192440179784421579332741865",
                "121174813050634776452676460079189488323",
                "128019987876497809896042531600850302807",
                "254894470578114612803585286215406515998",
                "214382625466148222914899976163699517733",
                "190404496706438243159513143102836777584",
                "56154081985503966229462899327055184543",
                "208419707775319461290978685733013608031",
                "112980909939898786886727276248725730797",
                "125593633845177966189813606560474867521",
                "171922900114146216740577553907126530807",
                "101091632339192440179784421579332741865",
                "264963333426305115134532843740947636372",
                "89987837705424899310632089922787348176",
                "57891838713164422666568581445619931080",
                "60290105400638828282268502673375231284",
                "142183950137575110969330755820960546057",
                "56154081985503966229462899327055184543",
                "208419707775319461290978685733013608031"
            ]
        },
        "target": {
            "file": "src/mongo/client/sasl_client_authenticate_impl.cpp"
        }
    },
    {
        "id": "CVE-2026-9741-e4b18909",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2",
        "deprecated": false,
        "digest": {
            "function_hash": "45101164990253539481215998889390091905",
            "length": 1778.0
        },
        "target": {
            "function": "authX509",
            "file": "src/mongo/client/authenticate.cpp"
        }
    }
]
vanir_signatures_modified
"2026-07-15T15:52:59Z"