Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MongoDb Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-9751)

Description

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.

Remediation

References

Related Vulnerabilities

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (3.4.8)

WordPress Plugin LearnDash LMS Insecure Direct Object Reference (4.6.0)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9855)

WordPress Improper Input Validation Vulnerability (CVE-2013-4339)

Severity

Medium

Classification

CVE-2026-9751 CWE-532 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities