Platform
java
Component
com.github.psi-probe:psi-probe-core
Fixed in
5.0.1
5.1.1
5.2.1
5.3.1
CVE-2026-3269 describes a denial-of-service (DoS) vulnerability discovered in psi-probe PSI Probe, affecting versions up to 5.3.0. This flaw allows remote attackers to induce a denial of service by manipulating the handleRequestInternal function within the session handler. A public exploit is available, highlighting the urgency of addressing this issue. The vendor has not responded to early disclosure attempts.
The vulnerability lies within the handleRequestInternal function of the session handler in psi-probe PSI Probe. An attacker can craft malicious requests that exploit this flaw, causing the application to become unresponsive and unavailable to legitimate users. This effectively leads to a denial of service, disrupting critical monitoring and diagnostic operations. Given the availability of a public exploit, the risk of exploitation is considered high, potentially impacting system availability and operational efficiency. The impact is particularly severe in environments where psi-probe is used for critical system monitoring and troubleshooting.
This vulnerability has a public proof-of-concept available, indicating a relatively high probability of exploitation. It is not currently listed on the CISA KEV catalog. The vulnerability was publicly disclosed on 2026-02-27. The lack of vendor response raises concerns about the ongoing maintenance and security of psi-probe PSI Probe.
Organizations relying on psi-probe PSI Probe for system monitoring and diagnostics are at risk, particularly those using versions 5.3.0 or earlier. Environments with exposed psi-probe instances are especially vulnerable. Those who have not implemented robust input validation or rate limiting on their psi-probe deployments are also at increased risk.
• java / server:
ps -ef | grep psi-probe
• java / server:
journalctl -u psi-probe | grep -i error
• generic web:
curl -I <psi_probe_url>
• generic web:
grep -r "handleRequestInternal" /opt/psi-probe/psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java
Exploit Status
EPSS
0.01% (3% percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade psi-probe PSI Probe to a version that addresses CVE-2026-3269. Unfortunately, a fixed version is not explicitly listed in the provided data. As a temporary workaround, consider implementing rate limiting on incoming requests to the PSI Probe application. This can help prevent an attacker from overwhelming the system with malicious requests. Additionally, review and harden the application's configuration to minimize the attack surface. After upgrading (or implementing workarounds), verify the system's stability and responsiveness by sending a series of valid requests and monitoring resource utilization.
Update PSI Probe to a version later than 5.3.0, if available, to mitigate the denial-of-service vulnerability. If no fixed version is available, consider disabling or removing the Session Handler component until a fix is published.
CVE-2026-3269 is a denial-of-service vulnerability in psi-probe PSI Probe versions up to 5.3.0, allowing remote attackers to cause a denial of service through request manipulation.
You are affected if you are using psi-probe PSI Probe version 5.3.0 or earlier. Immediate action is recommended.
Upgrade to a patched version of psi-probe PSI Probe. As a temporary workaround, implement rate limiting and review application configuration.
A public exploit exists, indicating a high probability of active exploitation. Monitor your systems closely.
Due to the vendor's lack of response, a formal advisory may not exist. Monitor security news sources and community forums for updates.
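The "version 5.3.0 or earlier" check stated above can be run against a Maven pom.xml. The following is an added example, not code from the PSI Probe project or from this advisory; the function names, the sample pom, and the `probe.version` property are constructed for illustration, and the threshold follows the page's "5.3.0 or earlier" statement.

```python
import re
import xml.etree.ElementTree as ET

COORDS = ("com.github.psi-probe", "psi-probe-core")  # component named on this page
LAST_AFFECTED = (5, 3, 0)  # page: "version 5.3.0 or earlier"

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def _text(elem, name):
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), None)

def _version_tuple(version):
    """Leading numeric parts only: '5.3.0-SNAPSHOT' -> (5, 3, 0); None if not numeric."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return None
    nums = [int(n) for n in m.group().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))  # pad '5.3' to (5, 3, 0)

def find_psi_probe(pom_xml):
    """Return [(version, status)] for every psi-probe-core dependency in the pom."""
    # Treats the pom as trusted local input; use defusedxml for untrusted XML.
    root = ET.fromstring(pom_xml)
    props = {_local(p.tag): (p.text or "").strip()
             for e in root.iter() if _local(e.tag) == "properties" for p in e}
    results = []
    for dep in root.iter():
        coords = (_text(dep, "groupId"), _text(dep, "artifactId"))
        if _local(dep.tag) != "dependency" or coords != COORDS:
            continue
        raw = _text(dep, "version") or ""
        # Resolve ${property} references defined in this pom's <properties>.
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        parsed = _version_tuple(version)
        # No numeric version here means it is inherited (parent/BOM) or unresolved.
        status = ("unknown" if parsed is None
                  else "affected" if parsed <= LAST_AFFECTED else "not affected")
        results.append((version, status))
    return results

# Constructed sample pom.xml (not from the page).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><probe.version>5.3.0</probe.version></properties>
  <dependencies><dependency>
    <groupId>com.github.psi-probe</groupId><artifactId>psi-probe-core</artifactId>
    <version>${probe.version}</version>
  </dependency></dependencies>
</project>"""

if __name__ == "__main__":
    print(find_psi_probe(SAMPLE_POM))
```

A status of "unknown" means the version is set outside this file (parent pom or BOM), so the effective pom has to be checked instead.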