{"cve":{"cve_id":"CVE-2026-9742","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00347,"epss_percentile":0.26386,"epss_as_of":"2026-06-23","description":"When OIDC authentication is enabled in configuration, clients may set specific values in the \"mechanism\" parameter of the \"authenticate\" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.","published_at":"2026-06-09T21:57:46.304000Z","last_modified_at":null,"cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":8.2,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-1287"],"nvd_references":["https://jira.mongodb.org/browse/SERVER-124183"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:31:14.033653Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"mongodb","vendor_name":"MongoDB","product_slug":"mongodb-server","product_name":"MongoDB Server","version_start":"8.3.0","version_start_inclusive":true,"version_end":"8.3.3","version_end_inclusive":false,"cpe23_uri":"cve5:mongodb:mongodb-server:8.3.0:8.3.3"},{"vendor_slug":"mongodb","vendor_name":"MongoDB","product_slug":"mongodb-server","product_name":"MongoDB Server","version_start":"8.2.0","version_start_inclusive":true,"version_end":"8.2.10","version_end_inclusive":false,"cpe23_uri":"cve5:mongodb:mongodb-server:8.2.0:8.2.10"}],"exploit_refs":[],"news":[],"references":[{"url":"https://jira.mongodb.org/browse/SERVER-124183","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-09T21:57:46.304000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:56:27.543306Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:27.543306Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:27.543306Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:27.543306Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:27.543306Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:27.543306Z","label":"CVSS score revised","source":"cvelistv5"}]}