MEDIUM 6.5

CVE-2026-9741: MongoDB Queryable Encryption & CSFLE Plaintext Field Leak in Vector Search

MongoDB's encryption features—specifically Queryable Encryption and Client-Side Field Level Encryption (CSFLE)—contain a flaw in how they handle the $vectorSearch aggregation stage. When users filter encrypted data using $vectorSearch, literal values meant to stay encrypted are instead sent to the MongoDB server in plaintext. This defeats a core purpose of client-side encryption: keeping sensitive data encrypted at rest and in transit. An authenticated attacker with database access could potentially read these exposed field values, even though the bulk of the encrypted document remains protected.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weaknesses (CWE)
CWE-319
Affected products
1 configuration(s)
Published / Modified
2026-06-09 / 2026-06-18

NVD description (verbatim)

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-9741 is a cleartext transmission vulnerability (CWE-319) affecting MongoDB's query analysis layer during $vectorSearch aggregation processing. When a $vectorSearch stage includes filter expressions containing literal values from fields marked for Queryable Encryption or CSFLE protection, the query analyzer fails to preserve the encryption boundary and transmits these literals as plaintext to the server instead of as ciphertext. The vulnerability manifests only in queries that combine vector search with encrypted field filters; standard encrypted queries without vector search are unaffected. The root cause lies in incomplete integration of encryption handling into the vector search code path during query compilation and validation.

Business impact

Organizations relying on MongoDB encryption to meet data protection compliance requirements (HIPAA, PCI-DSS, GDPR) face unexpected exposure of encrypted field values in vector search queries. This could lead to compliance violations if unencrypted sensitive data (credit cards, PHI, PII) transits the network or appears in server logs. The impact is limited to authenticated users who both (1) have permission to execute $vectorSearch queries and (2) target encrypted fields in filter expressions. However, insider threat risk increases: a DBA or compromised application account could exfiltrate encrypted field values by crafting specific vector search queries.

Affected systems

MongoDB products using Queryable Encryption or Client-Side Field Level Encryption are affected. The vulnerability applies to any version that implements $vectorSearch with QE/CSFLE; consult MongoDB's official security advisory for precise version ranges and patched builds. Applications using CSFLE or QE for sensitive field protection but not using $vectorSearch aggregation are unaffected. Atlas Vector Search users should verify their encryption configuration and query patterns.

Exploitability

The vulnerability requires authentication: an attacker must have a valid database connection and permission to run aggregation queries. No network exploit exists; the issue is triggered by intentional query construction combining $vectorSearch with encrypted field filters. Exploitation does not require special tools—standard MongoDB client libraries and query syntax suffice. However, the attacker must understand which fields are encrypted and how to reference them in filter expressions. Public exploit code is unlikely because successful exfiltration depends on application-specific field names and encryption configuration. CVSS 3.1 score of 6.5 (Medium) reflects the authentication requirement and high confidentiality impact balanced against limited availability/integrity effects.

Remediation

Apply MongoDB security patches as released by the vendor. MongoDB will issue patched versions that correctly encrypt literal values in $vectorSearch filter expressions. Interim mitigations include: restrict $vectorSearch query execution to trusted application code paths; audit and monitor aggregation queries that combine $vectorSearch with encrypted fields; consider disabling $vectorSearch if vector search functionality is not required. Verify patch applicability and compatibility before production deployment.

Patch guidance

Monitor MongoDB's security advisories and release notes for patched versions addressing CVE-2026-9741. Patches will correct the query analyzer to preserve encryption semantics when processing $vectorSearch filter expressions. Verify patch version numbers and compatibility with your MongoDB deployment model (self-managed or Atlas) before applying. Test patched versions in a staging environment to ensure no regression in vector search functionality or performance. Rolling updates may be required for replica sets and sharded clusters to maintain availability.

Detection guidance

Search application logs and database audit logs for aggregation queries containing both $vectorSearch and filter conditions on fields marked for QE/CSFLE encryption. Monitor network traffic for plaintext transmission of values that should be encrypted according to your encryption policy. Enable MongoDB query logging and filter for aggregation stages containing encrypted field references. Correlate logs with database schema metadata to identify queries that violate encryption boundaries. Intrusion detection rules should flag repeated $vectorSearch queries targeting the same encrypted fields, which may indicate reconnaissance or data exfiltration attempts.

Why prioritize this

Patch this vulnerability as part of your regular security update cycle (within 60–90 days), prioritizing test and staging environments first. While CVSS 6.5 is Medium severity, the confidentiality impact is high for organizations that depend on encryption to protect sensitive fields in vector search use cases. If your applications do not use $vectorSearch with encrypted fields, the immediate risk is lower but patches should still be applied to maintain defense in depth. Prioritize patching if you operate in regulated industries (healthcare, finance) where unexpected plaintext transmission of sensitive data could trigger compliance reviews or incident notifications.

Risk score, explained

CVSS 3.1 score of 6.5 (Medium) is driven by: high confidentiality impact (encrypted field values leak as plaintext), no integrity or availability impact, and authentication requirement (PR:L). The score appropriately reflects that while the vulnerability is serious for data protection, it requires a valid database user to exploit and does not cascade to system compromise. The lack of CISA KEV designation indicates no evidence of active exploitation in the wild as of the publication date, reducing immediate tactical urgency but not strategic importance for organizations with relevant workloads.

Frequently asked questions

Does this vulnerability affect all MongoDB encryption modes?

No. Only Queryable Encryption (QE) and Client-Side Field Level Encryption (CSFLE) are affected, and only when $vectorSearch aggregation is combined with filters on encrypted fields. Standard document-level encryption and applications not using $vectorSearch are unaffected.

Can this vulnerability be exploited by unauthenticated attackers?

No. The vulnerability requires a valid MongoDB database connection and appropriate permissions to execute aggregation queries. There is no network-level or authentication bypass involved.

What is the difference between Queryable Encryption and CSFLE, and why does this bug affect both?

Queryable Encryption allows querying encrypted data server-side; CSFLE encrypts fields on the client before transmission. Both enforce encryption boundaries during query processing. This bug affects both because the $vectorSearch aggregation stage was not fully integrated with the encryption handling logic, causing plaintext leakage in both encryption modes.

Should I disable vector search until a patch is available?

If your application does not use $vectorSearch with encrypted field filters, there is no functional need to disable it. However, if it does combine vector search with encrypted fields, consider restricting access to that query pattern or disabling $vectorSearch until patches are available and deployed.

This intelligence is based on publicly disclosed information and the ground-truth vendor data as of the publication date. Patch versions, compatibility matrices, and detailed remediation steps must be verified against MongoDB's official security advisory and release notes. SEC.co makes no warranty regarding patch availability, timeline, or compatibility with specific deployments. Organizations should conduct their own risk assessment and consult MongoDB support for environment-specific guidance. Exploit code and weaponized proof-of-concept steps are intentionally not provided in this analysis. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).