Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Network-reachable GraphQL API with low complexity and a required API token gives AV:N/AC:L/PR:L; availability-only impact confined to Central yields A:H and S:U (I judge scope unchanged, unlike vendor S:C).
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.
AnalysisAI
Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session against Central's GraphQL API - specifically a valid RHACS API token (PR:L) - and network reachability to the Central endpoint (AV:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H (7.7, High) is internally consistent with the description: network-reachable API, low complexity, low privileges (a valid API token), no user interaction, and a pure availability impact with no confidentiality or integrity loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An insider or a user whose RHACS API token has leaked authenticates to Central's GraphQL API and submits a single deeply nested query. Central attempts to resolve the exponentially expanding query tree, spiking CPU and memory until it becomes unresponsive, cutting off security policy enforcement and monitoring for every cluster Central manages. … |
| Remediation | No vendor-released patch version is specified in the available data, so consult the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-9165 for the fixed RHACS 4.x release and upgrade Central to it once published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit all issued API tokens, revoke unnecessary credentials, and restrict token creation to essential service accounts only; enable GraphQL API query logging and monitoring. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41859
GHSA-fw53-q2vg-jr6g