Resource exhaustion in Red Hat Advanced Cluster Security 4
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested…
Vulnerability class: DoS (Denial of Service)
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H.
Affected products
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
Frequently asked questions
- What is CVE-2026-9165?
- CVE-2026-9165 is a high-severity vulnerability in Red Hat Advanced Cluster Security 4, classified under Uncontrolled Resource Consumption. CVSS score: 7.7/10. Published 2026-07-06.
- How severe is CVE-2026-9165?
- High severity. CVSS v3 base score is 7.7 out of 10.