CVE-2026-10533: OpenShift: non-admin user can bypass ResourceQuota and flood etcd with events causing cluster-wide API degradation

Published Jun 1, 2026

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster.
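
A defender-side check for the condition described above, as an added example that is not part of the advisory or of Red Hat's tooling: it counts completed restartPolicy: Never pods and stored Event objects per namespace and lists the namespaces that exceed a threshold. The function names, the thresholds and the sample data are assumptions made for illustration; the input is shaped like the output of `oc get pods -A -o json` and `oc get events -A -o json`.

```python
from collections import Counter

TERMINAL = {"Succeeded", "Failed"}  # completed pods, which the advisory says escape the pod quota

def quota_blind_pods(pod_list):
    """Count completed restartPolicy=Never pods per namespace."""
    counts = Counter()
    for pod in pod_list.get("items", []):
        never = pod.get("spec", {}).get("restartPolicy") == "Never"
        done = pod.get("status", {}).get("phase") in TERMINAL
        if never and done:
            counts[pod["metadata"]["namespace"]] += 1
    return counts

def events_per_namespace(event_list):
    """Count stored Event objects per namespace (each one is kept in etcd)."""
    return Counter(e["metadata"]["namespace"] for e in event_list.get("items", []))

def suspicious_namespaces(pod_list, event_list, max_done_pods=20, max_events=100):
    """Namespaces over either threshold; the default thresholds are assumptions."""
    done = quota_blind_pods(pod_list)
    events = events_per_namespace(event_list)
    return sorted(ns for ns in set(done) | set(events)
                  if done[ns] > max_done_pods or events[ns] > max_events)

def _pod(ns, name, policy, phase):
    # Helper that builds a minimal Pod object for the constructed sample below.
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"restartPolicy": policy}, "status": {"phase": phase}}

# Constructed sample input; namespaces, names and counts are made up.
SAMPLE_PODS = {"items":
    [_pod("team-a", f"web-{i}", "Always", "Running") for i in range(3)]
    + [_pod("team-a", f"job-{i}", "Never", "Succeeded") for i in range(2)]
    + [_pod("sandbox", f"run-{i}", "Never", "Succeeded") for i in range(40)]}
SAMPLE_EVENTS = {"items":
    [{"metadata": {"namespace": "team-a"}, "reason": "Started"} for _ in range(12)]
    + [{"metadata": {"namespace": "sandbox"}, "reason": "Scheduled"} for _ in range(200)]}

if __name__ == "__main__":
    done = quota_blind_pods(SAMPLE_PODS)
    events = events_per_namespace(SAMPLE_EVENTS)
    for ns in suspicious_namespaces(SAMPLE_PODS, SAMPLE_EVENTS):
        print(f"{ns}: completed_never_pods={done[ns]} events={events[ns]}")
```

Tune both thresholds to the cluster's normal batch workload before alerting on the result.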

Affected Software

2 affected components
Red Hat OpenShift Container Platform
redhat OpenShift Container Platform=4.0

Event History

Jun 1, 2026
11:42 AM: Data Sourced via Red Hat (Description, Severity, Affected Software)
01:19 PM: CVE Published via MITRE
01:19 PM: Data Sourced via MITRE (Description, Severity, Weakness)
03:16 PM: Data Sourced via NVD (Description, Severity, Weakness, Affected Software)

Frequently Asked Questions

1. What is the severity of CVE-2026-10533?

The severity of CVE-2026-10533 is rated as medium with a score of 5.

2. How does CVE-2026-10533 affect OpenShift users?

CVE-2026-10533 allows non-admin users to bypass resource quota limits and flood etcd with events, causing API degradation.

3. What versions of OpenShift are affected by CVE-2026-10533?

CVE-2026-10533 affects the OpenShift Container Platform, particularly versions prior to the fix related to this vulnerability.

4. How can I mitigate the impact of CVE-2026-10533?

Mitigation of CVE-2026-10533 involves restricting non-privileged users' ability to create pods in namespaces or applying available patches.

5. Is there a fix available for CVE-2026-10533?

Yes, fixes for CVE-2026-10533 are usually included in updates for the OpenShift Container Platform, so users should apply the latest patches.

© 2026 SecAlerts Pty Ltd.