CVE-2026-10533— Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10533
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4 | - | cpe:/a:redhat:openshift:4 |
II. Public POCs for CVE-2026-10533
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10533
请登录查看更多情报信息。
Other References for CVE-2026-10533 (1)
Same Patch Batch · Red Hat · 2026-06-01 · 4 CVEs total
| CVE-2026-43958 | 7.8 HIGH | Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service |
| CVE-2026-10118 | 7.8 HIGH | Poppler: integer overflow in poppler splashoutputdev::tilingpatternfill leads to heap buff |
| CVE-2026-10517 | 5.8 MEDIUM | Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconna |
IV. Related Vulnerabilities
Same product: Red Hat OpenShift Container Platform 4
- CVE-2026-42965
Openshift/router: openshift/router: cloud metadata ssrf via - CVE-2026-46579
Openshift/router: openshift/router: mtls client certificate - CVE-2026-7309
Openshift-controller-manager: openshift container platform: - CVE-2025-14443
Ose-openshift-apiserver: openshift api server: server-side r - CVE-2025-4437
Cri-o: large /etc/passwd file may lead to denial of service
Same vendor: Red Hat
- CVE-2026-43958
Rrdtool: rrdtool: stack buffer overflow allows local code ex - CVE-2026-10118
Poppler: integer overflow in poppler splashoutputdev::tiling - CVE-2026-10517
Clair: clair: unauthenticated ssrf via manifest layer uri en - CVE-2026-10101
Assisted-service: assisted-service: infraenv status leaks re - CVE-2026-42965
Openshift/router: openshift/router: cloud metadata ssrf via
Same weakness: CWE-770
- CVE-2026-40990
Unbounded cache for function definitions - CVE-2026-49361
Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerabi - CVE-2026-45023
AutoGP: Credit system bypassed via direct block execution in - CVE-2026-45292
opentelemetry-java: Unbounded Memory Allocation in W3C Bagga - CVE-2026-45078
Synapse CPU starvation (Denial of Service)
V. Comments for CVE-2026-10533
No comments yet