Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
PSI Probe: Denial of Service via Unhandled Session Expire Request
CVE-2026-3269
GHSA-rx6w-2w6h-r346
GHSA-rx6w-2w6h-r346
Summary
A security issue in PSI Probe's session handling can cause the service to crash, making it unavailable to users. This can be exploited remotely, and a working exploit is already available. It's recommended to update PSI Probe to the latest version, as the vendor has not provided a fix or response to the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github | com.github.psi-probe:psi-probe-core | <= 5.3.0 | – |
| psi-probe | psi_probe | <= 5.3.0 | – |
Original title
PSI Probe: Broken access control can lead to DoS
Original description
A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
4.0
nvd CVSS3.1
6.5
nvd CVSS4.0
5.3
Vulnerability type
CWE-404
CWE-285
Improper Authorization
- https://vuldb.com/?id.347993 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.758665 Third Party Advisory VDB Entry
- https://nvd.nist.gov/vuln/detail/CVE-2026-3269
- https://github.com/advisories/GHSA-rx6w-2w6h-r346
- https://github.com/AnalogyC0de/public_exp/issues/13 Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347993 Permissions Required VDB Entry
- https://github.com/psi-probe/psi-probe Product
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026