Primary

Context

ManageIQ Denial-of-Service Vulnerability via Malformed TimeProfile Creation

Vulnerability

Patched

A denial-of-service vulnerability has been identified in ManageIQ versions prior to radjabov-2. The issue arises in the ManageIQ API, where a malformed TimeProfile can be created. This improperly structured TimeProfile leads to timeouts in subsequent UI and API requests, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing requests to fail and potentially disrupting service availability.

Remediation

Users are advised to upgrade to ManageIQ version radjabov-2 or later. Alternatively, the patch available in commit 79cef10c7d0278d8a37c3f547c426948180df4df can be applied manually.

Added: Jan 21, 2026, 9:19 PM

Updated: Jan 21, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

5.5

remediation

7.7

relevance

2.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

5.5

remediation

7.7

relevance

2.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageIQ Denial-of-Service Vulnerability via Malformed TimeProfile Creation

Vulnerability

Impact

Remediation

Affected Products

ManageIQ

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating