CVE-2026-10533 PUBLISHED

Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation

Assigner: redhat
Reserved: 01.06.2026 Published: 01.06.2026 Updated: 01.06.2026

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVSS Score: 5

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat OpenShift Container Platform 4
Versions	Default: affected

CVE-2026-10533 PUBLISHED

Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation

Metrics

Product Status

Credits

References

Problem Types