Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://jira.mongodb.org/browse/SERVER-123440 |
|
Fri, 12 Jun 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 10 Jun 2026 02:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mongodb
Mongodb mongodb Server |
|
| Vendors & Products |
Mongodb
Mongodb mongodb Server |
Tue, 09 Jun 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference. | |
| Title | GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation | |
| Weaknesses | CWE-476 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: mongodb
Published:
Updated: 2026-06-10T18:30:32.743Z
Reserved: 2026-05-27T17:48:46.130Z
Link: CVE-2026-9752
Updated: 2026-06-10T18:30:28.699Z
Status : Awaiting Analysis
Published: 2026-06-09T23:17:04.770
Modified: 2026-06-10T19:43:28.857
Link: CVE-2026-9752
No data.
OpenCVE Enrichment
Updated: 2026-06-10T02:30:05Z