Skip to main content

Red Hat Advanced Cluster Security 4

1 CVEs product

Monthly

CVE-2026-9165 HIGH This Week

Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the low-privilege network vector makes it trivial for any token holder to trigger.

Kubernetes Red Hat Denial Of Service Red Hat Advanced Cluster Security 4
NVD
CVSS 3.1
7.7
EPSS
0.3%
EPSS 0% CVSS 7.7
HIGH This Week

Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the low-privilege network vector makes it trivial for any token holder to trigger.

Kubernetes Red Hat Denial Of Service +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy