CVE-2026-9749— MongoDB Server 安全漏洞

Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to the same consumer), the server reaches the code path where a full per-consumer buffer is detected but the internal "high watermark" for that key range is not updated as intended.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

可达断言

MongoDB Server 安全漏洞

MongoDB Server是美国MongoDB公司的一套开源的NoSQL数据库。该数据库提供面向集合的存储、动态查询、数据复制及自动故障转移等功能。 MongoDB Server存在安全漏洞，该漏洞源于使用内部$exchange阶段配置键范围分区和保序传递时，单个键范围填满交换缓冲区但未更新内部高水位标记，可能导致服务器崩溃或返回错误结果。

N/A

N/A