Security Advisory

CVE-2026-9137

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-20 18:43:30

Last updated 2026-05-20 19:26:46

Assigner CIRCL

State PUBLISHED

Description

The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion or log flooding.

← Browse all CVEs View on cve.org ↗