CVE-2026-9749: Using MaxKey() may crash the server
This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to the same consumer), the server reaches the code path where a full per-consumer buffer is detected but the internal "high watermark" for that key range is not updated as intended.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2026-9749?
The severity of CVE-2026-9749 is rated as medium with a score of 6.5.
What impact does CVE-2026-9749 have on MongoDB?
CVE-2026-9749 can result in a server crash when an aggregation pipeline uses the internal $exchange stage with improper key range configurations.
How do I fix CVE-2026-9749?
To mitigate CVE-2026-9749, avoid using the MaxKey() function within aggregation pipelines configured with key-range partitioning.
What versions of MongoDB are affected by CVE-2026-9749?
CVE-2026-9749 affects specific configurations in MongoDB but the exact versions need to be confirmed in the release notes.
Is there a workaround for CVE-2026-9749?
A potential workaround for CVE-2026-9749 is to limit the size of the data processed in a single key range during aggregation.