← voltar
CVE-2026-9165

Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service

CVSS 7.7 HIGHCWE-400
Vexday Risk Score
18Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.7EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H