CVE-2026-9165

Published Jul 6, 2026

Last updated 8 hours ago

CVSS high 7.7
Container Security

Overview

Description
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
Source
secalert@redhat.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.7
Impact score
4
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-400

Social media

Hype score
Not currently trending