CVE-2026-9165

high

Description

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2480505

https://access.redhat.com/security/cve/CVE-2026-9165

Details

Source: Mitre, NVD

Published: 2026-07-06

Updated: 2026-07-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Severity: High