CVE-2026-22598
Denial of Service via Malformed TimeProfile in ManageIQ API

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: GitHub, Inc.

Description
ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to version radjabov-2 where a malformed TimeProfile could be created, causing later UI and API requests to time out and leading to a Denial of Service. Version radjabov-2 contains a patch. One may also apply the patch manually.
Meta Information
Published: 2026-01-21
Last Modified: 2026-01-21
Generated: 2026-06-16
AI Q&A: 2026-01-21
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: manageiq
Product: manageiq
Version / Range: *
CWE ID: CWE-20
Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Executive Summary

CVE-2026-22598 is a high-severity Denial of Service (DoS) vulnerability in ManageIQ versions prior to radjabov-2. It occurs because the ManageIQ API allows creation of malformed TimeProfile objects due to improper input validation. These malformed TimeProfiles cause subsequent UI and API requests to time out, leading to service unavailability. The root cause is that the system does not correctly validate the properties of the TimeProfile input data, allowing invalid configurations that disrupt normal operations. [1]

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) by making the ManageIQ system unavailable. When a malformed TimeProfile is created, it causes later UI and API requests to time out, significantly affecting system availability. An attacker with low privileges can exploit this remotely without user interaction, leading to service disruption and preventing legitimate users from accessing ManageIQ services. [1]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade ManageIQ to version radjabov-2 or later, which contains the patch fixing the issue. Alternatively, you can manually apply the patch available at https://github.com/ManageIQ/manageiq/commit/79cef10c7d0278d8a37c3f547c426948180df4df.patch. No other workarounds exist. The patch enforces strict validation on the TimeProfile model to prevent malformed profiles that cause denial of service. [1, 2]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
