VDB

GCVE-110-NCSC-2026-209

GCVE-110-NCSC-2026-209
Advisory PublishedCVSS 5.5/10
Vulnetix · Advisory published June 23, 2026
MongoDB server may log full authentication credentials in server logs during SASL authentication when connection health metric logging is enabled, without redaction.

Weaknesses (CWE)

CWE-532Insertion of Sensitive Information into Log FileCWE-674Uncontrolled RecursionCWE-319Cleartext Transmission of Sensitive InformationCWE-1287Improper Validation of Specified Type of InputCWE-476NULL Pointer DereferenceCWE-617Reachable AssertionCWE-457Use of Uninitialized Variable

Risk Scores

CVSS 3.1
5.5/10
Medium · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersionsPlatforms
MongoDBvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›