<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Red Hat Advanced Cluster Security 4 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/red-hat-advanced-cluster-security-4/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 06 Jul 2026 09:27:36 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/red-hat-advanced-cluster-security-4/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-9165 - Red Hat Advanced Cluster Security for Kubernetes Central Component Denial of Service</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-9165-rhacs-dos/</link><pubDate>Mon, 06 Jul 2026 09:27:36 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-9165-rhacs-dos/</guid><description>An authenticated denial of service vulnerability (CVE-2026-9165) exists in the Red Hat Advanced Cluster Security for Kubernetes (RHACS) Central component, allowing attackers with a valid API token to send deeply nested GraphQL queries that cause excessive resource consumption and render the management plane unavailable.</description><content:encoded><![CDATA[<p>A high-severity flaw, identified as CVE-2026-9165, has been discovered in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Specifically, the vulnerability affects the Central component of RHACS, which serves as the management plane for cluster security. The issue stems from the authenticated GraphQL API's failure to limit the depth of incoming GraphQL queries. An attacker who has already obtained a valid API token for RHACS Central can exploit this by submitting excessively complex and deeply nested GraphQL queries. This malicious activity leads to uncontrolled resource consumption within the Central component, including CPU and memory. The consequence is a denial of service (DoS) for the entire RHACS management plane, preventing legitimate administrators from monitoring, configuring, or enforcing security policies across their Kubernetes clusters. This vulnerability highlights the importance of input validation and resource governance in API design, even for authenticated endpoints.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Initial Access (Prerequisite):</strong> An attacker gains unauthorized access to a valid API token for the Red Hat Advanced Cluster Security for Kubernetes (RHACS) Central component, potentially through credential compromise or misconfiguration.</li>
<li><strong>API Identification:</strong> The attacker identifies the authenticated GraphQL API endpoint exposed by the RHACS Central component.</li>
<li><strong>Query Crafting:</strong> The attacker constructs a GraphQL query with an intentionally deep and complex nesting structure, designed to demand significant computational resources from the server.</li>
<li><strong>Authenticated Request:</strong> The crafted, deeply nested GraphQL query is sent by the attacker to the RHACS Central authenticated GraphQL API, using the previously obtained valid API token.</li>
<li><strong>Uncontrolled Resource Consumption:</strong> RHACS Central's GraphQL API processes the received query without enforcing limits on query depth or complexity, causing an exponential increase in its resource utilization (CPU, memory, network).</li>
<li><strong>System Degradation:</strong> The Central component's performance rapidly deteriorates as it struggles to manage the overwhelming resource demands imposed by the malicious query.</li>
<li><strong>Denial of Service:</strong> The RHACS Central management plane becomes unresponsive or crashes due to resource exhaustion, effectively preventing legitimate administrative access and rendering the security platform inoperable.</li>
<li><strong>Operational Impact:</strong> Security operations are disrupted, leading to a loss of visibility, control, and enforcement capabilities for the targeted Kubernetes clusters, potentially creating a window for further attacks or compliance breaches.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The primary impact of CVE-2026-9165 is a denial of service (DoS) for the management plane of Red Hat Advanced Cluster Security for Kubernetes. This means that administrators would be unable to access, configure, or monitor their cluster security posture through the RHACS Central interface. Such an outage could lead to significant operational disruptions, potentially hindering the ability to respond to ongoing security incidents, apply necessary policy updates, or maintain compliance. While no specific victim counts or targeted sectors are provided, any organization utilizing vulnerable versions of RHACS could be affected, facing a critical loss of their security control plane.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Patch CVE-2026-9165:</strong> Immediately apply the security updates provided by Red Hat to remediate CVE-2026-9165 on all affected Red Hat Advanced Cluster Security for Kubernetes Central components.</li>
<li><strong>Monitor RHACS Central Resources:</strong> Monitor the CPU, memory, and network utilization of your RHACS Central components for unusual spikes or sustained high usage, which could indicate attempted exploitation of the vulnerability.</li>
<li><strong>Review API Access:</strong> Regularly audit and rotate API tokens used for RHACS Central to minimize the window of opportunity for an attacker using a compromised token.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>kubernetes</category><category>red-hat</category><category>dos</category><category>vulnerability</category><category>graphql</category></item></channel></rss>