{"id":"CVE-2026-9741","summary":"Client side encryption fails to encrypt values in a $vectorSearch","details":"A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE)  results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.","aliases":["BIT-mongodb-2026-9741"],"modified":"2026-07-15T15:52:59.782876Z","published":"2026-06-09T21:56:01.111Z","database_specific":{"cna_assigner":"mongodb","cwe_ids":["CWE-319"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9741.json","unresolved_ranges":[{"extracted_events":[{"introduced":"8.3.0"},{"fixed":"8.3.3"},{"introduced":"8.2.0"},{"fixed":"8.2.10"},{"introduced":"8.0.0"},{"fixed":"8.0.24"},{"introduced":"7.0.0"},{"fixed":"7.0.35"}],"source":"AFFECTED_FIELD"}]},"references":[{"type":"WEB","url":"https://jira.mongodb.org/browse/SERVER-123507"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9741.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-9741"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"ef9b301aabaadf6850a065ac7fcd6b327be8c3c2"},{"introduced":"b41cda4fe697dce6fd9b83b3805362ccc02fbeb3"},{"fixed":"d0ad95914a3351a12faf03ba35d41c43bc6feb7e"},{"introduced":"b993867dce63dd366cd93e60f3f425ed716f6497"},{"fixed":"1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429"},{"introduced":"0f29b043a58fdd251ce0a0b32754b8459613c933"},{"fixed":"065930ba70a49b0347dc5b8f0c04851770a68af2"}],"database_specific":{"cpe":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"7.0.0"},{"fixed":"7.0.35"},{"introduced":"8.0.0"},{"fixed":"8.0.24"},{"introduced":"8.2.0"},{"fixed":"8.2.10"},{"introduced":"8.3.0"},{"fixed":"8.3.3"}],"source":"CPE_RANGE"}}],"versions":["r8.3.0","r8.2.4-alpha1","r8.2.4-alpha0","r7.0.27-rc0","r7.0.27","r8.0.17-alpha0","r8.0.16-rc1","r8.0.16","r7.0.27-alpha0","r7.0.26-rc0","r7.0.26","r8.2.3-alpha0","r8.2.2-rc0","r8.2.2","r8.0.16-rc0","r8.0.14-rc1","r8.0.14","r7.0.24-rc0","r7.0.24","r8.2.1-rc1","r8.2.1","r8.2.1-rc0","r7.0.25-alpha0","r8.0.14-rc0","r8.2.0","r8.0.13-rc2","r8.0.13","r8.0.13-rc1","r8.0.13-rc0","r7.0.23-rc1","r7.0.23","r7.0.23-rc0","r7.0.22-rc0","r7.0.22","r8.0.12-rc0","r8.0.12","r8.0.10-rc0","r8.0.10","r7.0.21-rc0","r7.0.21","r7.0.21-alpha0","r7.0.18","r8.0.6","r7.0.17","r8.0.5-rc2","r8.0.5","r8.0.5-rc1","r8.0.5-rc0","r7.0.16-rc1","r7.0.16-rc0","r7.0.16","r8.0.4-rc0","r8.0.4","r7.0.15","r8.0.3","r8.0.2","r7.0.15-rc1","r7.0.15-rc0","r8.0.1-rc0","r8.0.1","r8.0.0","r7.0.14-rc0","r7.0.14","r7.0.13-rc1","r7.0.13","r7.0.13-rc0","r7.0.12-rc1","r7.0.12","r7.0.12-rc0","r7.0.11-rc2","r7.0.11","r7.0.11-rc1","r7.0.11-rc0","r7.0.10-rc0","r7.0.10","r7.0.9-rc1","r7.0.9","r7.0.9-rc0","r7.0.8-rc0","r7.0.8","r7.0.7-rc2","r7.0.7","r7.0.7-rc1","r7.0.7-rc0","r7.0.6-rc0","r7.0.6","r7.0.5-rc0","r7.0.5","r7.0.4-rc0","r7.0.4","r7.0.3-rc1","r7.0.3","r7.0.3-rc0","r7.0.2-rc2","r7.0.2","r7.0.2-rc1","r7.0.2-rc0","r7.0.1-rc0","r7.0.1","r7.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9741.json","vanir_signatures_modified":"2026-07-15T15:52:59Z","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429","target":{"file":"src/mongo/db/query/write_ops/write_ops_exec_test.cpp"},"deprecated":false,"digest":{"line_hashes":["328502844643021291939386328423142806983","85739572630903537909444397421191965062","220106585106022402331435815346987584900","209454881083987832169278606524251629464","236513909239447700438713678376380667808"],"threshold":0.9},"id":"CVE-2026-9741-1720b4a5","signature_type":"Line"},{"deprecated":false,"digest":{"function_hash":"166907568856978077527464439951043576997","length":803},"id":"CVE-2026-9741-177973cb","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429","target":{"file":"src/mongo/db/pipeline/aggregation_request_helper.cpp","function":"validateRequestForAPIVersion"}},{"source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429","target":{"file":"src/mongo/db/query/write_ops/write_ops_exec_test.cpp","function":"TEST_F"},"deprecated":false,"digest":{"function_hash":"80993861282303540082374336386478101984","length":2466},"id":"CVE-2026-9741-1c4c4408","signature_type":"Function","signature_version":"v1"},{"deprecated":false,"digest":{"line_hashes":["174998403124653740785832338368523143456","195597813628417826792599755283872434533","35121533934985493290280581719442999597","250189946382220132725671125359187123104","335422712820504450491531006393880496577","20005679044720583151091149993640543000","275057660019837301573080575671581138841","118703497020578914518273191703017441490","7783128965371646123963090736034524757","97370122612351530264443556156513731532","73781963797617986215115702098958022004","273958897543711387616670573192535233890","19835129639943419341267922366511847573"],"threshold":0.9},"id":"CVE-2026-9741-37a42e90","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/ef9b301aabaadf6850a065ac7fcd6b327be8c3c2","target":{"file":"src/mongo/util/net/openssl_init.cpp"}},{"signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2","target":{"file":"src/mongo/client/authenticate.cpp","function":"_speculateSaslStart"},"deprecated":false,"digest":{"length":1759,"function_hash":"33576969391667528712105414855855095210"},"id":"CVE-2026-9741-3818d52e","signature_type":"Function"},{"target":{"file":"src/mongo/db/pipeline/variables.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["139003973651184330825232460885165143342","326327286876524191664573910910733841197","201010144386666100831709597301329867408","238172519026952072388623448764090946616","150530340747984040105585632915270331658","261001565073159049059253410734251117508","301554335781787585942024321791597726223","68687955472087118704060565545473008431","189907234794602120716515394122932582079","109319411453406127717474571158384123372"]},"id":"CVE-2026-9741-60a52bfd","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429"},{"target":{"file":"src/mongo/db/query/write_ops/write_ops.cpp"},"deprecated":false,"digest":{"line_hashes":["201630955409724750278170577941240966804","143314775941851585133796736215278774546","83793512496032093979220562351551591094","45450630048429459114369538718073463549","31272677362475748439578075055985933301","41202910159203610737232058278783453941","335034453997521887169494091237162080241","91747350517002491231927320071107484682","315547871431241435455883696545867605802"],"threshold":0.9},"id":"CVE-2026-9741-71b2e2de","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429"},{"digest":{"function_hash":"215007885188677139124391370534346903790","length":1368},"id":"CVE-2026-9741-78addba3","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429","target":{"file":"src/mongo/db/pipeline/variables.cpp","function":"Variables::transitionalExtractRuntimeConstants"},"deprecated":false},{"signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429","target":{"file":"src/mongo/db/query/write_ops/write_ops.cpp","function":"estimateRuntimeConstantsSize"},"deprecated":false,"digest":{"function_hash":"314763807676857937631086388324992689162","length":992},"id":"CVE-2026-9741-7cd175d0"},{"target":{"file":"src/mongo/client/authenticate.cpp"},"deprecated":false,"digest":{"line_hashes":["105051277585384029869713401387324710299","135010353328424632509818700676883262741","230022231509017531526336883388413859957","21785236440502061071534570285577718704","314611412092879437439966455802374359968","4328176094298166889601989525363512001","89833129311893956686513176585485383462","67104821923433815313850425352519867386","66993897057338546953195861906592522514","41622748248584985132494531963597557744","242973420897860388216828233337695113596","336731002354755517834207641772257008949","64002474223761432976487321914411588332","261309617626622354563994167105861925016","229808833034910568928737793619657257065","327973055814987959560058864332639589393","331230983148226970461307129171652554653","194280706403459704585085037893015299868","132169427929260727166827845414640998831","263821533391834434161668531794875587617","231008637408865177850436966867033654335","131209670928832011957508828184726650364","64002474223761432976487321914411588332","261309617626622354563994167105861925016","152599178162463674149335674778053474470","82317842280543420915626715536098646954","89485288152782603664608867313022701634","201049280170827963568948467383659578170","186915239712986481660363218458077044420","81595865256585900407563580384512090789","89485288152782603664608867313022701634","201049280170827963568948467383659578170"],"threshold":0.9},"id":"CVE-2026-9741-80a3d3f5","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2"},{"id":"CVE-2026-9741-815d545c","signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429","target":{"file":"src/mongo/db/pipeline/aggregation_request_helper.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["199277108881247090008089064970489480756","262659735080644839981408736376524170838","184199251189374183021798221865414612859","189687695048587286787935123825246628451"]}},{"deprecated":false,"digest":{"function_hash":"20399944836295365806244165546970965254","length":2313},"id":"CVE-2026-9741-99e1e8a5","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2","target":{"file":"src/mongo/client/sasl_client_authenticate_impl.cpp","function":"saslClientAuthenticateImpl"}},{"signature_type":"Line","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2","target":{"file":"src/mongo/client/sasl_client_authenticate_impl.cpp"},"deprecated":false,"digest":{"line_hashes":["119297248915920219031821473937269301824","192950127050229143070957758609674490481","299256134244687864194021167969650322418","78705388978130039955877200458257143577","321869386180767067962050016171660673429","92304406178298145235033043329826640960","203486625542267065639036914103785025824","101091632339192440179784421579332741865","121174813050634776452676460079189488323","128019987876497809896042531600850302807","254894470578114612803585286215406515998","214382625466148222914899976163699517733","190404496706438243159513143102836777584","56154081985503966229462899327055184543","208419707775319461290978685733013608031","112980909939898786886727276248725730797","125593633845177966189813606560474867521","171922900114146216740577553907126530807","101091632339192440179784421579332741865","264963333426305115134532843740947636372","89987837705424899310632089922787348176","57891838713164422666568581445619931080","60290105400638828282268502673375231284","142183950137575110969330755820960546057","56154081985503966229462899327055184543","208419707775319461290978685733013608031"],"threshold":0.9},"id":"CVE-2026-9741-bae78291"},{"deprecated":false,"digest":{"function_hash":"45101164990253539481215998889390091905","length":1778},"id":"CVE-2026-9741-e4b18909","signature_type":"Function","signature_version":"v1","source":"https://github.com/mongodb/mongo/commit/065930ba70a49b0347dc5b8f0c04851770a68af2","target":{"file":"src/mongo/client/authenticate.cpp","function":"authX509"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}