Description

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to apply a document diff containing a malformed binary diff, causing the server to return out-of-bounds memory or crash. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.

PUBLISHED Reserved 2026-05-27 | Published 2026-06-09 | Updated 2026-06-10 | Assigner mongodb




HIGH: 7.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N)

HIGH: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

Problem types

CWE-1287 Improper validation of specified type of input

Product status

Default status: unaffected

8.3.0 (semver) before 8.3.3: affected

8.2.0 (semver) before 8.2.10: affected

8.0.0 (semver) before 8.0.24: affected

7.0.0 (semver) before 7.0.35: affected

Credits

daffainfo (Muhammad Daffa), finder

References

jira.mongodb.org/browse/SERVER-124959

cve.org (CVE-2026-9753)

nvd.nist.gov (CVE-2026-9753)
