CVE-2026-9165

Red Hat · Red Hat Advanced Cluster Security (RHACS)

A flaw in Red Hat Advanced Cluster Security (RHACS) allows for uncontrolled resource consumption, potentially leading to denial-of-service conditions.

Executive summary

A critical resource consumption vulnerability in Red Hat Advanced Cluster Security (RHACS) could allow an authenticated attacker to cause a denial-of-service.

Vulnerability

The software is susceptible to a CWE-400: Uncontrolled Resource Consumption vulnerability. This flaw can be triggered by an authenticated user with low privileges, allowing them to exhaust system resources and negatively impact service availability.

Business impact

The vulnerability carries a CVSS score of 7.7 (High). Successful exploitation could result in significant service disruption or downtime for the affected cluster security infrastructure, hindering security monitoring and management capabilities. Organizations relying on RHACS for compliance and security posture management may face operational risks if the service becomes unavailable.

Remediation

Immediate Action: Review the official Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-9165 to identify the specific patched version and apply the update immediately.

Proactive Monitoring: Monitor system resource usage (CPU/Memory) within the RHACS environment for unusual spikes that may indicate exploitation attempts.

Compensating Controls: Implement resource quotas and rate limiting at the cluster level to mitigate the impact of potential resource exhaustion attacks.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the potential for denial-of-service, administrators should prioritize the assessment of their RHACS deployment. Apply the vendor-provided security patches as soon as they are made available to ensure the continued integrity and availability of your cluster security operations.