Denial of Service Vulnerability in Red Hat Advanced Cluster Security for Kubernetes
CVE-2026-9165
7.7HIGH
What is CVE-2026-9165?
A critical flaw exists in Red Hat Advanced Cluster Security for Kubernetes, where the authenticated GraphQL API does not enforce depth limitations on GraphQL queries. This can be exploited by an authenticated user with a valid API token, who may send complex and deeply nested queries leading to significant resource drain in Central. Such actions could eventually cause service disruptions, impacting the management plane's availability.
References
CVSS V3.1
Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Moritz Clasmeier (Red Hat).