Back to overview

CVE-2026-9165

HIGH
7.7
CVSS 3.1
Description
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.

Metadata

CVE ID
CVE-2026-9165
State
PUBLISHED
Assigner
redhat
Reserved
2026-05-21 12:54 UTC
Published
2026-07-06 08:46 UTC
Last updated
2026-07-06 08:46 UTC
Primary CWE
CWE-400
Uncontrolled Resource Consumption
Vendor / Product
Red Hat / Red Hat Advanced Cluster Security 4
Sources
cve.org  ·  NVD

Severity & Metrics

7.7 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected products (1)
VendorProductPlatformVersions
Red Hat Red Hat Advanced Cluster Security 4
Weakness (CWE)
CWESourceDescription
CWE-400 cna Uncontrolled Resource Consumption
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.7 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Back to overview