CVE-2026-9137

misp / misp

Description

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.

Scoring

CVSS: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.36% probability of exploitation · percentile 28.2% · 2026-06-19T12:03:05Z
Last modified: 2026-06-02

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-41977
CVE-2026-21028
CVE-2025-49181
CVE-2025-6514
CVE-2026-23899
CVE-2026-41032
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.