๐Ÿ” CVE Alert

CVE-2026-9165

HIGH 7.7

Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service

CVSS Score
7.7
EPSS Score
0.3%
EPSS Percentile
17th

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.

CWE CWE-400
Vendor red hat
Product red hat advanced cluster security for kubernetes 4.10
Published Jul 6, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat advanced cluster security for kubernetes 4.10

Be the first to know when new high vulnerabilities affecting red hat red hat advanced cluster security for kubernetes 4.10 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Red Hat / Red Hat Advanced Cluster Security for Kubernetes 4.10
All versions affected
Red Hat / Red Hat Advanced Cluster Security for Kubernetes 4.11
All versions affected
Red Hat / Red Hat Advanced Cluster Security for Kubernetes 4.9
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:36207 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:36319 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:36625 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-9165 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2480505

Credits

This issue was discovered by Moritz Clasmeier (Red Hat).