{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3269", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-26T15:13:39.920Z", "datePublished": "2026-02-26T23:32:07.430Z", "dateUpdated": "2026-02-27T19:57:57.822Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-26T23:32:07.430Z"}, "title": "psi-probe PSI Probe Session ExpireSessionsController.java handleRequestInternal denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "psi-probe", "product": "PSI Probe", "versions": [{"version": "5.0", "status": "affected"}, {"version": "5.1", "status": "affected"}, {"version": "5.2", "status": "affected"}, {"version": "5.3.0", "status": "affected"}], "modules": ["Session Handler"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-26T16:18:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Ana10gy (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.347993", "name": "VDB-347993 | psi-probe PSI Probe Session ExpireSessionsController.java handleRequestInternal denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347993", "name": "VDB-347993 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758665", "name": "Submit #758665 | Psi Probe <=5.3.0 Broken Access Control", "tags": ["third-party-advisory"]}, {"url": "https://github.com/AnalogyC0de/public_exp/issues/13", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T19:57:44.239528Z", "id": "CVE-2026-3269", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T19:57:57.822Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3269", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T19:57:44.239528Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T19:57:51.600Z"}}], "cna": {"title": "psi-probe PSI Probe Session ExpireSessionsController.java handleRequestInternal denial of service", "credits": [{"lang": "en", "type": "reporter", "value": "Ana10gy (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "psi-probe", "modules": ["Session Handler"], "product": "PSI Probe", "versions": [{"status": "affected", "version": "5.0"}, {"status": "affected", "version": "5.1"}, {"status": "affected", "version": "5.2"}, {"status": "affected", "version": "5.3.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-26T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-26T16:18:49.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347993", "name": "VDB-347993 | psi-probe PSI Probe Session ExpireSessionsController.java handleRequestInternal denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347993", "name": "VDB-347993 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758665", "name": "Submit #758665 | Psi Probe <=5.3.0 Broken Access Control", "tags": ["third-party-advisory"]}, {"url": "https://github.com/AnalogyC0de/public_exp/issues/13", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-26T23:32:07.430Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3269", "state": "PUBLISHED", "dateUpdated": "2026-02-27T19:57:57.822Z", "dateReserved": "2026-02-26T15:13:39.920Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-26T23:32:07.430Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:psi-probe:psi_probe:*:*:*:*:*:*:*:*", "matchCriteriaId": "C781474C-E255-4F0D-9468-D23DB4701ACC", "versionEndIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha encontrado un fallo en psi-probe PSI Probe hasta la versi\u00f3n 5.3.0. El elemento afectado es la funci\u00f3n handleRequestInternal del archivo psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java del componente Gestor de Sesiones. La ejecuci\u00f3n de una manipulaci\u00f3n puede llevar a una denegaci\u00f3n de servicio. El ataque puede ser lanzado remotamente. El exploit ha sido publicado y puede ser utilizado. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-3269", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-27T00:16:58.717", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/AnalogyC0de/public_exp/issues/13"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347993"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347993"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.758665"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.3.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PSI Probe", "source": "cna", "vendor": "psi-probe"}, "product": "psi_probe", "vendor": "psi-probe"}], "analysis": {"en": {"generated_at": "2026-04-17T14:11:15.372849+00:00", "value": {"mitigation_remediation": ["Upgrade PSI Probe to a version newer than 5.3.0 to eliminate the vulnerability.", "If an upgrade is not immediately possible, restrict network access to the controller handling session expiration, for example by configuring firewall rules to block external requests to that endpoint.", "Continuously monitor application logs for repeated failed or malformed requests to the session expiration handler, as indicators of potential exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The weakness affects PSI Probe versions up to and including 5.3.0. Only installations of psi-probe that have not applied a later release are vulnerable.", "description_and_impact": "A flaw exists in the handleRequestInternal function of the ExpireSessionsController within PSI Probe. By manipulating the expected input to this handler, an attacker can cause the application to become unresponsive, leading to a denial of service. The vulnerability is categorized as a failure to safely handle a request, identified as CWE-404.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% suggests very low but non-zero probability of exploitation. The vulnerability has been publicly disclosed and an exploit is available, yet it is not currently listed in the CISA KEV catalog. The attack can be launched remotely, so any exposed PSI Probe instance is a potential target. Absence of a published fix until an update means that unpatched deployments remain exposed to this denial-of-service vector."}}}}, "created": "2026-02-27T09:03:34.803869+00:00", "updated": "2026-04-17T14:15:21.815629+00:00", "vendors": ["psi-probe", "psi-probe$PRODUCT$psi_probe"]}