{"id":81576,"date":"2026-07-06T12:46:39","date_gmt":"2026-07-06T09:16:39","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-9165-stackrox-stackrox-unbounded-graphql-query-depth-allows-authenticated-denial-of-service\/"},"modified":"2026-07-06T12:46:39","modified_gmt":"2026-07-06T09:16:39","slug":"cve-2026-9165-stackrox-stackrox-unbounded-graphql-query-depth-allows-authenticated-denial-of-service","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-9165-stackrox-stackrox-unbounded-graphql-query-depth-allows-authenticated-denial-of-service\/","title":{"rendered":"CVE-2026-9165 &#8211; Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service"},"content":{"rendered":"<p>CVE ID :CVE-2026-9165<\/p>\n<p>  Published : July 6, 2026, 9:16 a.m. | 31\u00a0minutes ago<\/p>\n<p>  Description :A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane.<\/p>\n<p>  Severity: 7.7 | HIGH<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-9165 Published : July 6, 2026, 9:16 a.m. | 31\u00a0minutes ago Description :A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-81576","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=81576"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/81576\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=81576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=81576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=81576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}