CVE-2026-9751: CWE-532 Insertion of sensitive information into log file in MongoDB MongoDB Server
CVE-2026-9751 is a vulnerability in MongoDB Server where the ldapQueryPassword parameter, when set via the runtime setParameter command, is logged in plain text to the mongod. log file. This exposure of sensitive information in logs can lead to credential disclosure. The issue affects MongoDB Server versions 7. 0. 0, 8. 0. 0, 8. 2. 0, and 8.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-9751 involves the insertion of sensitive information into log files (CWE-532) in MongoDB Server. Specifically, when the ldapQueryPassword parameter is set at runtime using the setParameter command, the new password value is recorded in plaintext within the mongod.log file. This behavior risks exposing sensitive credentials to anyone with access to the log files. The vulnerability affects MongoDB Server versions 7.0.0, 8.0.0, 8.2.0, and 8.3.0. The CVSS 4.0 vector indicates local attack vector with low complexity and low privileges required, no user interaction, and high vulnerability confidentiality impact. There is no vendor advisory or patch available at this time, and no known exploits in the wild have been reported.
Potential Impact
The primary impact is the exposure of sensitive LDAP query passwords in plaintext within MongoDB server log files. This can lead to credential compromise if unauthorized users gain access to these logs. The vulnerability does not directly enable remote code execution or privilege escalation but compromises confidentiality of sensitive authentication data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should restrict access to mongod.log files to trusted administrators only and avoid setting the ldapQueryPassword parameter via the runtime setParameter command if possible. Monitoring and auditing access to log files is recommended to detect unauthorized access.
CVE-2026-9751: CWE-532 Insertion of sensitive information into log file in MongoDB MongoDB Server
Description
CVE-2026-9751 is a vulnerability in MongoDB Server where the ldapQueryPassword parameter, when set via the runtime setParameter command, is logged in plain text to the mongod. log file. This exposure of sensitive information in logs can lead to credential disclosure. The issue affects MongoDB Server versions 7. 0. 0, 8. 0. 0, 8. 2. 0, and 8.
CVSS v4.0
Score 6.8medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability identified as CVE-2026-9751 involves the insertion of sensitive information into log files (CWE-532) in MongoDB Server. Specifically, when the ldapQueryPassword parameter is set at runtime using the setParameter command, the new password value is recorded in plaintext within the mongod.log file. This behavior risks exposing sensitive credentials to anyone with access to the log files. The vulnerability affects MongoDB Server versions 7.0.0, 8.0.0, 8.2.0, and 8.3.0. The CVSS 4.0 vector indicates local attack vector with low complexity and low privileges required, no user interaction, and high vulnerability confidentiality impact. There is no vendor advisory or patch available at this time, and no known exploits in the wild have been reported.
Potential Impact
The primary impact is the exposure of sensitive LDAP query passwords in plaintext within MongoDB server log files. This can lead to credential compromise if unauthorized users gain access to these logs. The vulnerability does not directly enable remote code execution or privilege escalation but compromises confidentiality of sensitive authentication data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should restrict access to mongod.log files to trusted administrators only and avoid setting the ldapQueryPassword parameter via the runtime setParameter command if possible. Monitoring and auditing access to log files is recommended to detect unauthorized access.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mongodb
- Date Reserved
- 2026-05-27T17:48:24.554Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2899f18dd33fbd859049d1
Added to database: 6/9/2026, 10:55:45 PM
Last enriched: 6/9/2026, 11:11:22 PM
Last updated: 6/10/2026, 1:39:12 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.