cvedb.io
CVE-2026-9137
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-05-20T20:16:46.177 · Last modified 2026-06-22T19:23:18.580

Summary

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.
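The effect of the two caps on log volume, as an added Python example that is not MISP's code and is not taken from the project's fix. It models the endpoint as a function that reads the request body with a bounded read and writes one log line per report. Assumptions: the helper names, the log line format and the sample report (including the `misp.example` host) are constructed for illustration.

```python
import io
import json

INTENDED_LIMIT = 1024          # 1 KB, the cap the summary says was intended
FAULTY_LIMIT = 1024 * 1024     # 1 MB, the cap the summary says was in effect


def read_capped(body, limit):
    """Read at most `limit` bytes of the body; also report whether more was sent."""
    data = body.read(limit + 1)      # one extra byte, only to detect overflow
    return data[:limit], len(data) > limit


def format_log_entry(body, limit):
    """Build the single log line written for one CSP report (hypothetical format)."""
    data, truncated = read_capped(body, limit)
    # Escape control characters so the entry always stays on one line.
    text = data.decode("utf-8", errors="replace")
    text = text.encode("unicode_escape").decode("ascii")
    return "csp-report truncated=%s body=%s" % (str(truncated).lower(), text)


def log_volume(report, limit, requests):
    """Bytes of log output from `requests` identical reports under `limit`."""
    entry = format_log_entry(io.BytesIO(report), limit)
    return requests * (len(entry) + 1)   # +1 for the trailing newline


# Constructed sample: a CSP report padded to just over 1 MB.
SAMPLE_REPORT = json.dumps({
    "csp-report": {
        "document-uri": "https://misp.example/events",
        "violated-directive": "script-src",
        "blocked-uri": "A" * (1024 * 1024),
    }
}).encode()

if __name__ == "__main__":
    for name, limit in (("1 MB cap", FAULTY_LIMIT), ("1 KB cap", INTENDED_LIMIT)):
        volume = log_volume(SAMPLE_REPORT, limit, 1000)
        print(name, volume, "log bytes per 1000 reports")
```

Reading `limit + 1` bytes rather than the whole body means an oversized report is never fully buffered before truncation, and the `truncated` flag gives operators a field to alert on.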

Affected products

misp-project — misp

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.