Keyfile contents are in MongoDB Server logs_CVE-2026-9735

6.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

Basic Information

ID CVE-2026-9735

Source mongodb

Published Jun 9, 2026 at 22:40

Affected Product

Vendor MongoDB

Product MongoDB Server

Version 8.3.0

Affected Versions MongoDB MongoDB Server 8.3.0

CWE Classification

CWE-532

References

jira.mongodb.org /browse/SERVER-126506

{
    "lastseen": "",
    "description": "MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.",
    "published": "2026-06-09T22:40:55.614Z",
    "modified": "2026-06-09T22:40:55.614Z",
    "type": "cve",
    "title": "Keyfile contents are in MongoDB Server logs",
    "source": "mongodb",
    "references": "https://jira.mongodb.org/browse/SERVER-126506",
    "id": "CVE-2026-9735",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "MongoDB MongoDB Server 8.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MongoDB Server",
    "version": "8.3.0",
    "vendor": "MongoDB",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}