Denial of Service Vulnerability in Red Hat Advanced Cluster Security for Kubernetes
CVE-2026-9165

7.7HIGH

Key Information:

Vendor

Red Hat

Vendor
CVE Published:
6 July 2026

What is CVE-2026-9165?

A critical flaw exists in Red Hat Advanced Cluster Security for Kubernetes, where the authenticated GraphQL API does not enforce depth limitations on GraphQL queries. This can be exploited by an authenticated user with a valid API token, who may send complex and deeply nested queries leading to significant resource drain in Central. Such actions could eventually cause service disruptions, impacting the management plane's availability.

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Moritz Clasmeier (Red Hat).
.