CVE-2026-3269 is a denial of service vulnerability identified in the PSI Probe monitoring tool, specifically affecting versions 5.0 through 5.3.0. The vulnerability resides in the handleRequestInternal method within the ExpireSessionsController.java file, part of the session handler component. PSI Probe is widely used to monitor Apache Tomcat servers, providing insights into server health and session management. The flaw allows a remote attacker to manipulate requests to this function, causing the application to enter a denial of service state, likely by exhausting resources or triggering unhandled exceptions. The attack vector requires no user interaction and can be executed remotely with low privileges, making it relatively easy to exploit. The CVSS 4.0 base score is 5.3, reflecting medium severity due to the lack of confidentiality, integrity, or availability impact beyond service disruption, and the requirement for some privileges. The vendor was notified early but has not issued a patch or response, and while no active exploitation in the wild is reported, a public exploit exists, increasing the urgency for mitigation. This vulnerability could disrupt monitoring operations, impacting administrators' ability to manage Tomcat server sessions effectively.

The primary impact of CVE-2026-3269 is the denial of service of the PSI Probe monitoring tool, which can lead to loss of visibility into Apache Tomcat server sessions and overall server health. This disruption can delay detection of other critical issues or attacks on the underlying infrastructure. Organizations relying on PSI Probe for real-time monitoring may experience operational blind spots, increasing risk exposure. Although the vulnerability does not directly compromise data confidentiality or integrity, the loss of monitoring capability can indirectly facilitate further attacks or prolonged outages. The ease of remote exploitation without user interaction and low privilege requirements increases the likelihood of attack attempts, especially in environments where PSI Probe is exposed to untrusted networks. The lack of vendor response and patches further exacerbates risk, potentially leading to increased downtime and operational impact in affected environments.

Since no official patch is currently available, organizations should implement the following mitigations: 1) Restrict network access to the PSI Probe interface by limiting exposure to trusted internal networks or VPNs to reduce attack surface. 2) Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) to detect and block suspicious requests targeting the ExpireSessionsController endpoint. 3) Monitor PSI Probe logs and server metrics for unusual activity or signs of resource exhaustion indicative of exploitation attempts. 4) Consider temporarily disabling or limiting session expiration features in PSI Probe if feasible to reduce attack vectors. 5) Keep PSI Probe updated and monitor vendor channels for any forthcoming patches or advisories. 6) As a longer-term solution, evaluate alternative monitoring tools or implement redundant monitoring to maintain visibility in case of PSI Probe service disruption. 7) Harden the underlying Tomcat server and associated infrastructure to minimize broader impact if PSI Probe is compromised.