MongoDb Cleartext Transmission of Sensitive Information Vulnerability - CVE-2026-9741

A bug in query analysis processing of the vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.