CVE-2026-9747

Publication date 9 June 2026

Last updated 18 June 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.

Status

Package Ubuntu Release Status
mongodb 26.04 LTS resolute Not in release
25.10 questing Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
14.04 LTS trusty
Needs evaluation

Severity score breakdown

CVSS version:

Base score 7.1 · High

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Base score 6.5 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Other references

Access our resources on patching vulnerabilities