CVE-2026-9751
Sensitive data could be written to mongod.log
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
MongoDB · MongoDB ServerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →