Description
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. However, PauseExecution is not a general-purpose skip mechanism; it is a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines. When this stage is placed before $facet in a pipeline, TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion, crashing mongod.
Published: 2026-06-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The issue involves the $_internalConvertBucketIndexStats stage, which incorrectly uses PauseExecution to signal a document skip. PauseExecution is a TeeBuffer-internal signal meant only for $facet coordination. When $_internalConvertBucketIndexStats precedes $facet in a pipeline and no timeseries input is present, TeeBuffer receives an unexpected PauseExecution, triggering a hard invariant assertion that crashes the mongod process. The crash results in a denial of service condition on the affected database server, potentially interrupting all client connections and impacting data availability.

Affected Systems

MongoDB Server is listed as the affected product. No specific version range is provided in the available data, so the vulnerability may affect all current releases of the server until an official patch is issued.

Risk and Exploitability

The CVSS v4.0 score of 7.1 indicates high severity. EPSS data is not available, so the exploitation likelihood cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The description does not state the attack vector or the attacker privileges needed to trigger the crash; the CVSS vectors recorded for this entry (AV:N, AC:L, PR:L) describe a network-reachable, low-complexity attack requiring low privileges, which is consistent with any user who can submit aggregation pipelines containing the problematic stage being able to cause a denial of service. The primary impact is loss of availability of the mongod service.

Generated by OpenCVE AI on June 9, 2026 at 23:38 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update MongoDB Server to a version that contains the vendor‑issued fix once it becomes available.
  • Avoid using $_internalConvertBucketIndexStats before $facet in pipelines that process non‑timeseries data; re‑order or remove the stage to eliminate the crash trigger.
  • Apply stringent access controls to limit who can submit aggregation pipelines that might trigger the bug, thereby reducing the threat surface.


Advisories

No advisories yet.

History

Mon, 15 Jun 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mongodb mongodb |
| CPEs | | cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* |
| Vendors & Products | | Mongodb mongodb |

Wed, 10 Jun 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 10 Jun 2026 00:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mongodb; Mongodb mongodb Server |
| Vendors & Products | | Mongodb; Mongodb mongodb Server |

Tue, 09 Jun 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines. When this stage is placed before $facet in a pipeline, TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion, crashing mongod. |
| Title | | $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input |
| Weaknesses | | CWE-617 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'} |
| | | cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: mongodb

Published:

Updated: 2026-06-10T13:34:29.394Z

Reserved: 2026-05-27T17:47:07.609Z

Link: CVE-2026-9748

Vulnrichment

Updated: 2026-06-10T13:34:20.658Z

NVD

Status: Analyzed

Published: 2026-06-09T23:17:04.250

Modified: 2026-06-15T17:10:28.170

Link: CVE-2026-9748

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:30:16Z