Vulnerability Description
The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.
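The following is an added example, not code from the affected project: a Python illustration of the size-cap logic the description refers to, comparing how much of one oversized report reaches the log under the intended 1 KB limit and under the 1 MB limit that was applied. The function names, constant names and sample report are assumptions constructed for illustration.

```python
import io
import json

INTENDED_LOG_LIMIT = 1024         # 1 KB: the limit the description says was intended
FLAWED_LOG_LIMIT = 1024 * 1024    # 1 MB: the limit the description says was applied


def capture_report(stream, limit):
    """Read at most `limit` bytes of a report body (hypothetical helper).

    Reads one byte past the limit so truncation can be detected without
    pulling the rest of an attacker-sized body into memory.
    """
    data = stream.read(limit + 1)
    truncated = len(data) > limit
    text = data[:limit].decode("utf-8", errors="replace")
    return text, truncated


def format_log_line(text, truncated):
    """Render one log line; json.dumps escapes newlines and control
    characters so report content cannot split into extra log entries."""
    return "csp-report truncated=%s body=%s" % (truncated, json.dumps(text))


# Constructed sample: a CSP report padded to roughly 2 MB by an untrusted client.
OVERSIZED_REPORT = json.dumps({
    "csp-report": {
        "document-uri": "https://example.test/",
        "blocked-uri": "A" * (2 * 1024 * 1024),
    }
}).encode("utf-8")


def logged_size(limit):
    """Return the size in bytes of the log line written for the oversized report."""
    text, truncated = capture_report(io.BytesIO(OVERSIZED_REPORT), limit)
    return len(format_log_line(text, truncated).encode("utf-8"))


if __name__ == "__main__":
    print("intended limit:", logged_size(INTENDED_LOG_LIMIT), "bytes per report")
    print("flawed limit:  ", logged_size(FLAWED_LOG_LIMIT), "bytes per report")
```

With the 1 MB limit, each request can add about a thousand times more log data than intended, which is why rate limiting or restricting access to the endpoint matters when it is reachable by untrusted clients.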
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-9137?
CVE-2026-9137 is a documented vulnerability. The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, ...
How severe is CVE-2026-9137?
CVSS scoring is not yet available for CVE-2026-9137. Check NVD for updates.
Is there a patch for CVE-2026-9137?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.