CVE-2026-9165
Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.7EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
06 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Productos afectados
Red Hat · Red Hat Advanced Cluster Security 4