CVE-2026-9165
Received Received - Intake

GraphQL Query Depth Denial of Service in Red Hat Advanced Cluster Security

Vulnerability report for CVE-2026-9165, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: Red Hat, Inc.

Description

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
red_hat advanced_cluster_security_for_kubernetes to 2026-05-21 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The provided resources do not specify immediate mitigation steps or workarounds for this vulnerability.

Executive Summary

This vulnerability exists in Red Hat Advanced Cluster Security (RHACS) Central's GraphQL API, which does not limit the depth of queries that authenticated users can submit.

An authenticated user with a valid API token can send deeply nested GraphQL queries that exploit recursive type relationships in the schema.

These deeply nested queries cause excessive CPU and memory consumption due to the heavy processing required, which leads to a denial of service condition for the Central management plane.

Impact Analysis

The vulnerability can cause a denial of service (DoS) in the RHACS Central management plane by exhausting system resources such as CPU and memory.

This means legitimate users and management operations may be unable to access or use the Central component effectively, potentially disrupting security management and monitoring of Kubernetes clusters.

Detection Guidance

This vulnerability can be detected by monitoring for unusually high CPU and memory usage on the Red Hat Advanced Cluster Security (RHACS) Central component, which may indicate that deeply nested GraphQL queries are being executed.

Since the issue involves authenticated GraphQL API requests with excessive query depth, inspecting API logs for deeply nested GraphQL queries or abnormal query patterns can help identify exploitation attempts.

Specific commands are not provided in the available resources, but general approaches include:

  • Using system monitoring tools like top, htop, or ps to observe CPU and memory usage on the Central component.
  • Reviewing API access logs or enabling detailed logging on the GraphQL API to detect queries with excessive nesting.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9165. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart