VDB
GCVE-110-NCSC-2026-209
GCVE-110-NCSC-2026-209
Advisory PublishedCVSS 5.5/10
MongoDB server may log full authentication credentials in server logs during SASL authentication when connection health metric logging is enabled, without redaction.
Weaknesses (CWE)
CWE-532Insertion of Sensitive Information into Log FileCWE-674Uncontrolled RecursionCWE-319Cleartext Transmission of Sensitive InformationCWE-1287Improper Validation of Specified Type of InputCWE-476NULL Pointer DereferenceCWE-617Reachable AssertionCWE-457Use of Uninitialized Variable
Risk Scores
CVSS 3.1
5.5/10
Medium · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| MongoDB | vers:unknown/* | — | — |
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.