CVE-2026-9165
7.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.11 | 1783352589 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 | 1783357116 < * | unaffected |
Weaknesses
- CWE-400: Uncontrolled Resource Consumption
Workarounds
There is no complete mitigation other than installing the update once available.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2026:36207
- https://access.redhat.com/errata/RHSA-2026:36319
- https://access.redhat.com/security/cve/CVE-2026-9165
- https://bugzilla.redhat.com/show_bug.cgi?id=2480505
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.