A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
There is no complete mitigation other than installing the update once available.
References
History
Mon, 06 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 06 Jul 2026 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane. | |
| Title | Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service | |
| First Time appeared |
Redhat
Redhat advanced Cluster Security |
|
| Weaknesses | CWE-400 | |
| CPEs | cpe:/a:redhat:advanced_cluster_security:4 | |
| Vendors & Products |
Redhat
Redhat advanced Cluster Security |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-06T08:46:22.139Z
Reserved: 2026-05-21T12:54:16.202Z
Link: CVE-2026-9165
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-06T17:15:16Z
Weaknesses