Platform: java
Component: com.github.psi-probe:psi-probe-core
Fixed in: 5.0.1, 5.1.1, 5.2.1, 5.3.1
CVE-2026-3269 describes a denial-of-service (DoS) vulnerability discovered in psi-probe PSI Probe, affecting versions up to 5.3.0. This flaw allows remote attackers to induce a denial of service by manipulating the handleRequestInternal function within the session handler. A public exploit is available, highlighting the urgency of addressing this issue. The vendor has not responded to early disclosure attempts.
The vulnerability lies within the handleRequestInternal function of the session handler in psi-probe PSI Probe. An attacker can craft malicious requests that exploit this flaw, causing the application to become unresponsive and unavailable to legitimate users. This effectively leads to a denial of service, disrupting critical monitoring and diagnostic operations. Given the availability of a public exploit, the risk of exploitation is considered high, potentially impacting system availability and operational efficiency. The impact is particularly severe in environments where psi-probe is used for critical system monitoring and troubleshooting.
This vulnerability has a public proof-of-concept available, indicating a relatively high probability of exploitation. It is not currently listed on the CISA KEV catalog. The vulnerability was publicly disclosed on 2026-02-27. The lack of vendor response raises concerns about the ongoing maintenance and security of psi-probe PSI Probe.
EPSS: 0.01% (3rd percentile)
The primary mitigation is to upgrade psi-probe PSI Probe to a version that addresses CVE-2026-3269. Unfortunately, a fixed version is not explicitly listed in the provided data. As a temporary workaround, consider implementing rate limiting on incoming requests to the PSI Probe application. This can help prevent an attacker from overwhelming the system with malicious requests. Additionally, review and harden the application's configuration to minimize the attack surface. After upgrading (or implementing workarounds), verify the system's stability and responsiveness by sending a series of valid requests and monitoring resource utilization.
Update PSI Probe to a version later than 5.3.0, if available, to mitigate the denial of service vulnerability. If no patched version is available, consider disabling or removing the Session Handler component until a fix is released.
CVE-2026-3269 is a denial-of-service vulnerability in psi-probe PSI Probe versions up to 5.3.0, allowing remote attackers to cause a denial of service through request manipulation.
You are affected if you are using psi-probe PSI Probe version 5.3.0 or earlier. Immediate action is recommended.
Upgrade to a patched version of psi-probe PSI Probe. As a temporary workaround, implement rate limiting and review application configuration.
A public exploit exists, indicating a high probability of active exploitation. Monitor your systems closely.
Due to the vendor's lack of response, a formal advisory may not exist. Monitor security news sources and community forums for updates.
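An added example, not part of the original advisory or the PSI Probe project: a Python check of a pom.xml for com.github.psi-probe:psi-probe-core against the versions given on this page. It assumes each "Fixed in" entry is the first fixed patch release of its minor branch and treats any other version at or below 5.3.0 as affected; the property name and sample POM are constructed.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "com.github.psi-probe", "psi-probe-core"
# Assumption: each "Fixed in" entry is the first fixed patch of its minor branch.
FIXED_PATCH = {(5, 0): 1, (5, 1): 1, (5, 2): 1, (5, 3): 1}
LAST_AFFECTED = (5, 3, 0)  # "version 5.3.0 or earlier"

def parse_version(text):
    """Return (major, minor, patch); qualifiers such as -SNAPSHOT are ignored."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    """True/False, or None when the version cannot be parsed (manual review)."""
    v = parse_version(version)
    if v is None:
        return None
    fixed = FIXED_PATCH.get(v[:2])
    return v[2] < fixed if fixed is not None else v <= LAST_AFFECTED

def check_pom(pom_xml):
    """Return [(resolved_version, affected)] for every psi-probe-core dependency."""
    root = ET.fromstring(pom_xml)  # parse only POMs from a trusted source
    m = re.match(r"\{.*\}", root.tag)
    ns = m.group(0) if m else ""
    props = {p.tag[len(ns):]: (p.text or "").strip()
             for p in root.findall(f"{ns}properties/*")}
    findings = []
    for dep in root.iter(f"{ns}dependency"):
        if (dep.findtext(f"{ns}groupId", "").strip() == GROUP
                and dep.findtext(f"{ns}artifactId", "").strip() == ARTIFACT):
            raw = dep.findtext(f"{ns}version", "").strip()
            ref = re.fullmatch(r"\$\{(.+)\}", raw)  # e.g. ${probe.version}
            resolved = props.get(ref.group(1), raw) if ref else raw
            findings.append((resolved, is_affected(resolved)))
    return findings

# Constructed sample POM, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><probe.version>5.3.0</probe.version></properties>
  <dependencies><dependency>
    <groupId>com.github.psi-probe</groupId>
    <artifactId>psi-probe-core</artifactId>
    <version>${probe.version}</version>
  </dependency></dependencies>
</project>"""

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

A result of None means the version is inherited from a parent POM or otherwise unresolved and needs a manual look.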