Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3145 articles · 171742 vulns · 36/41 feeds (7d)
← Back to list
7.7
CVE-2026-9165EXPLOITED
red hat · red hat advanced cluster security

Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service

Description

A vulnerability was found in Red Hat Advanced Cluster Security for Kubernetes and classified as problematic. This affects an unknown function of the component Authenticated GraphQL API. Executing a manipulation can lead to resource consumption. This vulnerability is registered as CVE-2026-9165. It is possible to launch the attack remotely.

Affected Products

VendorProductVersions
red hatred hat advanced cluster security—

References

  • https://access.redhat.com/security/cve/CVE-2026-9165(vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2480505(issue-tracking, x_refsource_REDHAT)

Related News (1 articles)

Tier C
VulDB1h ago
CVE-2026-9165 | Red Hat Advanced Cluster Security for Kubernetes Authenticated GraphQL API resource consumption
→ No new info (linked only)
CVSS 3.17.7 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-400
PublishedJul 6, 2026
Last enriched1h agov2
Trending Score47
Source articles1
Independent1
Info Completeness7/14
Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

MEDIUMCVE-2026-14613EXP
Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission
Trending: 53
MEDIUMCVE-2026-14614EXP
Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource
Trending: 53
NONECVE-2026-58379EXP
Gimp: gimp: heap buffer overflow in read_channel_data()
Trending: 50
MEDIUMCVE-2026-14615
Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter
Trending: 34
HIGHCVE-2026-55628EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 32

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 6, 2026
Actively Exploited
Jul 6, 2026
Discovered by ZDM
Jul 6, 2026
Updated: description, activelyExploited
Jul 6, 2026

Version History

v2
Last enriched 1h ago
v2Tier C1h ago

Updated description with more details, marked exploit availability as false, and noted that the vulnerability is actively exploited.

descriptionactivelyExploited
via VulDB
v15h ago

Initial creation