Loading market data...
← Back to CVE feed

CVE-2026-9752

MEDIUM CVSS 6.5 View on NVD ↗

Description

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Published: Jun 09, 2026 23:17 UTC Modified: Jun 10, 2026 19:43 UTC