CVE advisoryCRITICAL
CVE-2026-59509
cve-search Improper Input Validation Allows MongoDB Data Exposure
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An unauthenticated vulnerability in cve-search allows remote attackers to read arbitrary application data by manipulating request parameters. This could expose sensitive administrative credentials, potentially leading to account compromise. The issue is reachable via network access.