Description
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines. When this stage is placed before $facet in a pipeline, TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion, crashing mongod.
Published: 2026-06-09
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The issue involves the $_internalConvertBucketIndexStats stage, which incorrectly uses PauseExecution to signal a document skip. PauseExecution is a TeeBuffer-internal signal meant only for $facet coordination. When $_internalConvertBucketIndexStats precedes $facet in a pipeline and no timeseries input is present, TeeBuffer receives an unexpected PauseExecution, triggering a hard invariant assertion that crashes the mongod process. The crash results in a denial of service condition on the affected database server, potentially interrupting all client connections and impacting data availability.

Affected Systems

MongoDB Server is listed as the affected product. No specific version range is provided in the available data, so the vulnerability may affect all current releases of the server until an official patch is issued.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity. EPSS data is not available, so the exploitation likelihood cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The description does not state the attack vector or attacker privileges necessary to trigger the crash, but it is inferred that any user who can submit aggregation pipelines containing the problematic stage might cause a denial of service. The primary impact is availability loss of the mongod service.

Generated by OpenCVE AI on June 9, 2026 at 23:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MongoDB Server to a version that contains the vendor‑issued fix once it becomes available.
  • Avoid using $_internalConvertBucketIndexStats before $facet in pipelines that process non‑timeseries data; re‑order or remove the stage to eliminate the crash trigger.
  • Apply stringent access controls to limit who can submit aggregation pipelines that might trigger the bug, thereby reducing the threat surface.

Generated by OpenCVE AI on June 9, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Mongodb
Mongodb mongodb Server
Vendors & Products Mongodb
Mongodb mongodb Server

Tue, 09 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines. When this stage is placed before $facet in a pipeline, TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion, crashing mongod.
Title $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input
Weaknesses CWE-617
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Mongodb Mongodb Server
cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published:

Updated: 2026-06-09T22:08:22.075Z

Reserved: 2026-05-27T17:47:07.609Z

Link: CVE-2026-9748

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T23:17:04.250

Modified: 2026-06-09T23:17:04.250

Link: CVE-2026-9748

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T00:30:16Z

Weaknesses