diff --git a/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/MutationRepository.php b/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/MutationRepository.php
index b48141b41d1a2328cd9a4139f805466e24d8cb5f..c4b5da45bb74a17443334b423bdbe17860918495 100644
--- a/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/MutationRepository.php
+++ b/typo3/sysext/core/Classes/Security/ContentSecurityPolicy/MutationRepository.php
@@ -114,7 +114,7 @@ final class MutationRepository
             $scopedTarget = $this->provideScopeInMap($scope, $this->resolvedMutations);
             // fetch site-specific `enforce` and/or `report` disposition configuration
             $dispositionMap = $this->dispositionMapFactory->buildDispositionMap(
-                $site->getConfiguration()['contentSecurityPolicies']
+                $site->getConfiguration()['contentSecurityPolicies'] ?? []
             );
             /**
              * @var Disposition $disposition
diff --git a/typo3/sysext/frontend/Classes/Middleware/ContentSecurityPolicyHeaders.php b/typo3/sysext/frontend/Classes/Middleware/ContentSecurityPolicyHeaders.php
index 329b3da7e22915ff8ba97e2dad74f39ca4fc10b3..609128da00a84020fb75c258a0743265c85a048b 100644
--- a/typo3/sysext/frontend/Classes/Middleware/ContentSecurityPolicyHeaders.php
+++ b/typo3/sysext/frontend/Classes/Middleware/ContentSecurityPolicyHeaders.php
@@ -51,7 +51,7 @@ final readonly class ContentSecurityPolicyHeaders implements MiddlewareInterface
     {
         $site = $request->getAttribute('site');
         $dispositionMap = $this->dispositionMapFactory->buildDispositionMap(
-            $site instanceof Site ? $site->getConfiguration()['contentSecurityPolicies'] : []
+            $site instanceof Site ? ($site->getConfiguration()['contentSecurityPolicies'] ?? []) : []
         );
         // return early in case CSP shall not be used
         if ($dispositionMap->keys() === []) {