{"id":"CVE-2026-9747","summary":"Crafted cross-shard merge aggregation crashes MongoDB Server","details":"Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.","aliases":["BIT-mongodb-2026-9747"],"modified":"2026-07-08T08:12:41.311088013Z","published":"2026-06-09T22:05:24.209Z","database_specific":{"cwe_ids":["CWE-617"],"cna_assigner":"mongodb","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9747.json","unresolved_ranges":[{"extracted_events":[{"introduced":"8.3.0"},{"fixed":"8.3.3"},{"introduced":"8.2.0"},{"fixed":"8.2.10"},{"introduced":"8.0.0"},{"fixed":"8.0.24"},{"introduced":"7.0.0"},{"fixed":"7.0.35"}],"source":"AFFECTED_FIELD"}]},"references":[{"type":"WEB","url":"https://jira.mongodb.org/browse/SERVER-123918"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9747.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-9747"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo","events":[{"introduced":"37d84072b5c5b9fd723db5fa133fb202ad2317f1"},{"fixed":"ef9b301aabaadf6850a065ac7fcd6b327be8c3c2"},{"introduced":"b41cda4fe697dce6fd9b83b3805362ccc02fbeb3"},{"fixed":"d0ad95914a3351a12faf03ba35d41c43bc6feb7e"},{"introduced":"b993867dce63dd366cd93e60f3f425ed716f6497"},{"fixed":"1e3c7c32cb8246028ecc02d1d4b6c6c1f70ba429"},{"introduced":"0f29b043a58fdd251ce0a0b32754b8459613c933"},{"fixed":"065930ba70a49b0347dc5b8f0c04851770a68af2"}],"database_specific":{"extracted_events":[{"introduced":"7.0.0"},{"fixed":"7.0.35"},{"introduced":"8.0.0"},{"fixed":"8.0.24"},{"introduced":"8.2.0"},{"fixed":"8.2.10"},{"introduced":"8.3.0"},{"fixed":"8.3.3"}],"cpe":"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["r8.3.0","r8.2.4-alpha1","r8.2.4-alpha0","r7.0.27-rc0","r7.0.27","r8.0.17-alpha0","r8.0.16-rc1","r8.0.16","r7.0.27-alpha0","r7.0.26-rc0","r7.0.26","r8.2.3-alpha0","r8.2.2-rc0","r8.2.2","r8.0.16-rc0","r8.0.14-rc1","r8.0.14","r7.0.24-rc0","r7.0.24","r8.2.1-rc1","r8.2.1","r8.2.1-rc0","r7.0.25-alpha0","r8.0.14-rc0","r8.2.0","r8.0.13-rc2","r8.0.13","r8.0.13-rc1","r8.0.13-rc0","r7.0.23-rc1","r7.0.23","r7.0.23-rc0","r7.0.22-rc0","r7.0.22","r8.0.12-rc0","r8.0.12","r8.0.10-rc0","r8.0.10","r7.0.21-rc0","r7.0.21","r7.0.21-alpha0","r7.0.18","r8.0.6","r7.0.17","r8.0.5-rc2","r8.0.5","r8.0.5-rc1","r8.0.5-rc0","r7.0.16-rc1","r7.0.16-rc0","r7.0.16","r8.0.4-rc0","r8.0.4","r7.0.15","r8.0.3","r8.0.2","r7.0.15-rc1","r7.0.15-rc0","r8.0.1-rc0","r8.0.1","r8.0.0","r7.0.14-rc0","r7.0.14","r7.0.13-rc1","r7.0.13","r7.0.13-rc0","r7.0.12-rc1","r7.0.12","r7.0.12-rc0","r7.0.11-rc2","r7.0.11","r7.0.11-rc1","r7.0.11-rc0","r7.0.10-rc0","r7.0.10","r7.0.9-rc1","r7.0.9","r7.0.9-rc0","r7.0.8-rc0","r7.0.8","r7.0.7-rc2","r7.0.7","r7.0.7-rc1","r7.0.7-rc0","r7.0.6-rc0","r7.0.6","r7.0.5-rc0","r7.0.5","r7.0.4-rc0","r7.0.4","r7.0.3-rc1","r7.0.3","r7.0.3-rc0","r7.0.2-rc2","r7.0.2","r7.0.2-rc1","r7.0.2-rc0","r7.0.1-rc0","r7.0.1","r7.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9747.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}