CVE-2026-9735

MEDIUM 5.5

Keyfile contents are in MongoDB Server logs

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.

CWE	CWE-532
Vendor	mongodb
Product	mongodb server
Ecosystems	Database NoSQL
Industries	Technology
Published	Jun 9, 2026

Stay Ahead of the Next One

Get instant alerts for mongodb mongodb server

Be the first to know when new medium vulnerabilities affecting mongodb mongodb server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

MongoDB / MongoDB Server

8.3.0 < 8.3.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

jira.mongodb.org: https://jira.mongodb.org/browse/SERVER-126506