漏洞概述 漏洞编号: Bug 2480505 (CVE-2026-9165) 漏洞描述: stackrox: stackrox: Unbounded GraphQL query depth allows authenticated denial of service 状态: NEW 报告日期: 2026-05-21 13:28 UTC by OSIDB Bzimport 修改日期: 2026-07-06 08:40 UTC 影响范围 产品: Security Response 组件: vulnerability 硬件: All 操作系统: Linux 优先级: high 严重程度: high 目标里程碑: Product Security 修复方案 修复版本: 未指定 关闭日期: 未指定 环境: 未指定 最后关闭: 未指定 Embargoed: 未指定 详细描述 描述: A flaw was found in RMCS Central. The GraphQL API (/api/graphql) does not enforce a maximum query depth when the schema is built. The schema includes recursive type relationships; an authenticated user can submit deeply nested queries that cause excessive resolver and database work, leading to high CPU and memory use and denial of service for Central. 附件 附件名称: 2026-05-21 13:28:42 UTC 描述: 其他信息 CC List: 5 users TreeView: Depends on / blocked 备注 需要登录才能评论或对此bug进行更改。