Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

CVE-2026-9137 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-9137

CVE-2026-9137

HIGH7.5

CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit

Published May 20, 2026

Modified 2 weeks ago

Details

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.

References

https://github.com/MISP/MISP/commit/02932cccab230b295afcaf5aa05e363d30db0ec9

https://www.cve.org/CVERecord?id=CVE-2026-9137

CVSS Analysis

CVSS v4.0

5.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

ActiveUI:A

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

LowVA:L

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.1/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Weakness Type (CWE)

Resource Management

Resource Exhaustion

Ecosystems

Timeline

PublishedMay 20, 2026

ModifiedMay 29, 2026