Zero Day Monitor (ZDM)
CVSS 5.0
CVE-2026-10533 · EXPLOITED
red hat · openshift container

Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation

Description

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster.

Affected Products

Vendor | Product | Versions
red hat | openshift container | —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
red hat | openshift | cert_advisory | 90%

References

  • https://access.redhat.com/security/cve/CVE-2026-10533 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2483727 (issue-tracking, x_refsource_REDHAT)

Related News (4 articles)

Tier B · BSI Advisories · 4h ago
[UPDATE] [high] Red Hat OpenShift Container Platform: Multiple vulnerabilities allow execution of arbitrary code with the privileges of the service
→ No new info (linked only)

Tier B · BSI Advisories · 6d ago
[NEW] [UNPATCHED] [medium] Red Hat OpenShift: Vulnerability allows denial of service
→ No new info (linked only)

Tier C · VulDB · 6d ago
CVE-2026-10533 | Red Hat OpenShift Container Platform 4 allocation of resources
→ No new info (linked only)

Tier B · BSI Advisories · 35d ago
[UPDATE] [medium] Red Hat OpenShift Container Platform: Multiple vulnerabilities allow denial of service
→ No new info (linked only)

CVSS 3.1: 5.0 NONE
CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-770
Published: Jun 1, 2026
Last enriched: 6d ago (v3)
Tags: Denial of Service, denial of service, remote exploit, anonymous attacker
Trending Score: 52
Source articles: 4
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-11332 · EXP
Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Trending: 67

NONE · CVE-2026-9793 · EXP
Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
Trending: 51

LOW · PRE-CVE · EXP
Information Disclosure Vulnerability in Ansible
Trending: 42

NONE · CVE-2026-3238 · EXP
Samba: denial of service against ad dc wins server
Trending: 39

NONE · CVE-2026-43958
Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Trending: 32

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Jun 1, 2026 · CVE Published
Jun 1, 2026 · Discovered by ZDM
Jun 1, 2026 · Updated: description, affectedVersions, severity
Jun 2, 2026 · Updated: severity, exploitAvailable, activelyExploited, tags
Jun 2, 2026 · Actively Exploited
Jun 2, 2026 · Exploit Available

Version History

v3 · Last enriched 6d ago

v3 · Tier B · 6d ago
Updated severity to HIGH, marked exploit as available, and added Denial of Service tag.
Updated: severity, exploitAvailable, activelyExploited, tags
via BSI Advisories

v2 · Tier C · 6d ago
Updated description with new details, added affected version 4, changed severity to HIGH, and noted that no exploit is available.
Updated: description, affectedVersions, severity
via VulDB

v1 · 6d ago
Initial creation