Security Advisory

CVE-2026-9101

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-20 16:18:10

Last updated 2026-05-27 13:10:03

Assigner mongodb

State PUBLISHED

Description

Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execution.

← Browse all CVEs View on cve.org ↗