Vulnerabilities

CVE-2026-9137

by Fred · 20/05/2026

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.

More information : https://github.com/MISP/MISP/commit/02932cccab230b295afcaf5aa05e363d30db0ec9

Similar

Tags: Cybersecurity Alert