CVE-2026-9741
MEDIUM
NVD
CVSS Score
6.5
Severity
MEDIUM
Published
Jun 09, 2026
Vendor
unknown
Description
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.