Throughout my career, I've always gravitated toward two things: technology infrastructure, and cybersecurity. Being awarded with CVE-2026-10533 was a pleasure and a privilege, as I got to contribute to the security community not through the normal red-team lenses of memory corruption, obfuscated payloads, or social engineering. Instead, this CVE was discovered by asking a much simpler question:
What happens when a tenant consumes a shared cluster resource that nobody is measuring?
Let's break this question down a bit, to understand the exploit methodology. If you're already an expert in OpenShift administration, feel free to skip the next section.
