CVE-2026-9735

medium

Description

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

References

https://jira.mongodb.org/browse/SERVER-126506

Details

Source: Mitre, NVD

Published: 2026-06-09

Updated: 2026-06-09

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 6.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00016

Detections

Analytics

CVE-2026-9735

medium

Description

References

Details

Risk Information

CVSS v2

CVSS v3

CVSS v4

EPSS