MongoDb Reachable Assertion Vulnerability - CVE-2026-9748

The _internalConvertBucketIndexStats stage used PauseExecution as a way to signal quotskip this documentquot when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism but rather a TeeBuffer-internal signal used solely by facet to coordinate its sub-pipelines. When this stage is placed before facet in a pipeline TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion crashing mongod.