Description

When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.

Remediation

References

CVE-2026-9746

Related Vulnerabilities

Play Framework Inadequate Encryption Strength Vulnerability (CVE-2019-17598)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2571)

WordPress Plugin Carousel slideshow 'swfupload.swf' Cross-Site Scripting (3.10)

WordPress Plugin Protected Posts Logout Button Cross-Site Request Forgery (1.4.4)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20824)

Severity

Medium

Classification

CVE-2026-9746 CWE-617 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities