CVE-2026-9101

MEDIUM CVSS 4.3 View on NVD ↗

Description

Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

https://jira.mongodb.org/browse/COMPASS-10657

Published: May 20, 2026 17:16 UTC Modified: May 20, 2026 17:32 UTC