Log Management Issue in MISP by Risk Scanning Technologies
CVE-2026-9137

5.1 MEDIUM

Key Information:

Vendor

Misp

Status
Vendor
CVE Published: 20 May 2026

What is CVE-2026-9137?

A log management flaw exists in MISP where the CSP report endpoint inadvertently allows log reports to reach up to 1 MB instead of the intended 1 KB limit. This flaw poses a risk when the endpoint is accessed by untrusted clients, enabling attackers to generate a large volume of logs. Consequently, this could lead to resource exhaustion, overwhelming the logging system, and potentially causing service disruptions.

Affected Version(s)

misp 2.5.0 <= 2.5.37

References

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Seth Kraft