Description
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
Vendor Workaround
There is no complete mitigation other than installing the update once available.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Mon, 06 Jul 2026 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane. | |
| Title | Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service | |
| First Time appeared |
Redhat
Redhat advanced Cluster Security |
|
| Weaknesses | CWE-400 | |
| CPEs | cpe:/a:redhat:advanced_cluster_security:4 | |
| Vendors & Products |
Redhat
Redhat advanced Cluster Security |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-06T08:46:22.139Z
Reserved: 2026-05-21T12:54:16.202Z
Link: CVE-2026-9165
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses