{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/red-hat-advanced-cluster-security-4/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-9165"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Red Hat Advanced Cluster Security for Kubernetes","Red Hat Advanced Cluster Security 4"],"_cs_severities":["medium"],"_cs_tags":["kubernetes","red-hat","dos","vulnerability","graphql"],"_cs_type":"advisory","_cs_vendors":["Red Hat"],"content_html":"\u003cp\u003eA high-severity flaw, identified as CVE-2026-9165, has been discovered in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Specifically, the vulnerability affects the Central component of RHACS, which serves as the management plane for cluster security. The issue stems from the authenticated GraphQL API's failure to limit the depth of incoming GraphQL queries. An attacker who has already obtained a valid API token for RHACS Central can exploit this by submitting excessively complex and deeply nested GraphQL queries. This malicious activity leads to uncontrolled resource consumption within the Central component, including CPU and memory. The consequence is a denial of service (DoS) for the entire RHACS management plane, preventing legitimate administrators from monitoring, configuring, or enforcing security policies across their Kubernetes clusters. This vulnerability highlights the importance of input validation and resource governance in API design, even for authenticated endpoints.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access (Prerequisite):\u003c/strong\u003e An attacker gains unauthorized access to a valid API token for the Red Hat Advanced Cluster Security for Kubernetes (RHACS) Central component, potentially through credential compromise or misconfiguration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAPI Identification:\u003c/strong\u003e The attacker identifies the authenticated GraphQL API endpoint exposed by the RHACS Central component.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eQuery Crafting:\u003c/strong\u003e The attacker constructs a GraphQL query with an intentionally deep and complex nesting structure, designed to demand significant computational resources from the server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAuthenticated Request:\u003c/strong\u003e The crafted, deeply nested GraphQL query is sent by the attacker to the RHACS Central authenticated GraphQL API, using the previously obtained valid API token.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUncontrolled Resource Consumption:\u003c/strong\u003e RHACS Central's GraphQL API processes the received query without enforcing limits on query depth or complexity, causing an exponential increase in its resource utilization (CPU, memory, network).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSystem Degradation:\u003c/strong\u003e The Central component's performance rapidly deteriorates as it struggles to manage the overwhelming resource demands imposed by the malicious query.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial of Service:\u003c/strong\u003e The RHACS Central management plane becomes unresponsive or crashes due to resource exhaustion, effectively preventing legitimate administrative access and rendering the security platform inoperable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOperational Impact:\u003c/strong\u003e Security operations are disrupted, leading to a loss of visibility, control, and enforcement capabilities for the targeted Kubernetes clusters, potentially creating a window for further attacks or compliance breaches.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe primary impact of CVE-2026-9165 is a denial of service (DoS) for the management plane of Red Hat Advanced Cluster Security for Kubernetes. This means that administrators would be unable to access, configure, or monitor their cluster security posture through the RHACS Central interface. Such an outage could lead to significant operational disruptions, potentially hindering the ability to respond to ongoing security incidents, apply necessary policy updates, or maintain compliance. While no specific victim counts or targeted sectors are provided, any organization utilizing vulnerable versions of RHACS could be affected, facing a critical loss of their security control plane.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2026-9165:\u003c/strong\u003e Immediately apply the security updates provided by Red Hat to remediate CVE-2026-9165 on all affected Red Hat Advanced Cluster Security for Kubernetes Central components.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMonitor RHACS Central Resources:\u003c/strong\u003e Monitor the CPU, memory, and network utilization of your RHACS Central components for unusual spikes or sustained high usage, which could indicate attempted exploitation of the vulnerability.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReview API Access:\u003c/strong\u003e Regularly audit and rotate API tokens used for RHACS Central to minimize the window of opportunity for an attacker using a compromised token.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T09:27:36Z","date_published":"2026-07-06T09:27:36Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-9165-rhacs-dos/","summary":"An authenticated denial of service vulnerability (CVE-2026-9165) exists in the Red Hat Advanced Cluster Security for Kubernetes (RHACS) Central component, allowing attackers with a valid API token to send deeply nested GraphQL queries that cause excessive resource consumption and render the management plane unavailable.","title":"CVE-2026-9165 - Red Hat Advanced Cluster Security for Kubernetes Central Component Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-9165-rhacs-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Red Hat Advanced Cluster Security 4","version":"https://jsonfeed.org/version/1.1"}