CVE-2026-9137
Received - Intake
Content Security Policy Report Endpoint Log Flooding Vulnerability

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: 5a6e4751-2f3f-4070-9419-94fb35b644e8

Description
The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.
Meta Information
Published: 2026-05-20
Last Modified: 2026-05-20
Generated: 2026-05-21
AI Q&A: 2026-05-20
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: misp; Product: misp; Version / Range: up to 1.0.0 (inclusive)
CWE
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Content Security Policy (CSP) report endpoint in the MISP software. The endpoint was intended to limit the size of logged CSP reports to 1 KB, but due to incorrect validation, it allowed reports up to 1 MB before truncation.

Because of this mistake, attackers could send very large CSP reports, which could overwhelm the logging system.


How can this vulnerability impact me?

If the vulnerable endpoint is accessible by untrusted clients, attackers could exploit this flaw to generate excessive log volume.

This could lead to resource exhaustion or log flooding, potentially degrading system performance or causing denial of service conditions.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the CSP report endpoint accepting reports up to 1 MB instead of the intended 1 KB, which can lead to excessive log volume or resource exhaustion.

To detect this vulnerability on your system, you can monitor the size of incoming CSP reports to the endpoint. Look for unusually large CSP report payloads, especially those exceeding 1 KB.

Commands to help detect this might include:

  • Using network monitoring tools like tcpdump or Wireshark to capture HTTP POST requests to the CSP report endpoint and filter by payload size.
  • Example tcpdump command to capture large CSP reports (assuming endpoint at /csp-report): tcpdump -i any -A 'tcp port 80 or tcp port 443' | grep -B 5 -A 20 '/csp-report' | awk 'length($0) > 1024'
  • Alternatively, check your application logs for CSP reports larger than 1 KB, which indicates the vulnerability is present.

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to ensure that the CSP report endpoint properly limits the size of incoming reports to 1 KB as intended.

This can be done by applying the fix that corrects the size validation in the ServersController.php file, changing the limit check from 1 MB to 1 KB and truncating reports accordingly before logging.

Additionally, restrict access to the CSP report endpoint to trusted clients only, to prevent untrusted clients from flooding logs with large reports.

Monitoring and alerting on unusually large CSP reports or excessive logging can also help detect and mitigate attempts to exploit this vulnerability.
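The intended behaviour described in the detection and mitigation answers above, as an added Python example that is not MISP's own PHP fix: the handler buffers at most 1 KB of the report body before logging it (with the flawed 1 MB limit available for comparison), and a second helper scans the resulting log lines for entries over 1 KB, the check suggested above for spotting an unpatched or flooded endpoint. Function names and the JSON log format are assumptions.

```python
import io
import json
import logging
from typing import Iterable, Union

# Limits named in the advisory: the endpoint meant to cap logged reports at
# 1 KB but compared against 1 MB instead.
INTENDED_LIMIT = 1024
FLAWED_LIMIT = 1024 * 1024

log = logging.getLogger("csp-report")


def handle_csp_report(body: Union[bytes, io.IOBase],
                      limit: int = INTENDED_LIMIT) -> dict:
    """Log one CSP report, buffering at most `limit` bytes of the body.

    Reading a bounded slice (instead of the whole body and then truncating)
    keeps both memory and log volume bounded even when Content-Length is
    missing or wrong. Passing limit=FLAWED_LIMIT reproduces the vulnerable
    1 MB behaviour for comparison. (Assumed helper, not MISP code.)
    """
    stream = io.BytesIO(body) if isinstance(body, (bytes, bytearray)) else body
    payload = stream.read(limit)
    truncated = bool(stream.read(1))  # one probe byte tells us data was dropped
    record = {
        "bytes_logged": len(payload),
        "truncated": truncated,
        "report": payload.decode("utf-8", errors="replace"),
    }
    log.info(json.dumps(record))
    return record


def oversized_log_entries(lines: Iterable[str],
                          threshold: int = INTENDED_LIMIT) -> list:
    """Detection: return logged entries that recorded more than `threshold`
    bytes. A patched endpoint never logs more than 1 KB, so any such entry
    means the flawed limit is in effect and the endpoint is being flooded."""
    hits = []
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip non-JSON lines from other log sources
        if isinstance(entry, dict) and entry.get("bytes_logged", 0) > threshold:
            hits.append(entry)
    return hits
```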

