BIT-etcd-2026-44283

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/etcd/BIT-etcd-2026-44283.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-etcd-2026-44283

Aliases

CVE-2026-44283
GHSA-x35m-3gp4-4fh5

Published

2026-05-18T05:39:24.166Z

Modified

2026-05-18T08:11:04.263879936Z

Summary

etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

Details

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:etcd:etcd:*:*:*:*:*:go:*:*"
    ]
}

References

Affected packages

Bitnami / etcd

Package

Name: etcd
Purl: pkg:bitnami/etcd

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.44

Introduced

3.5.0

Fixed

3.5.30

Introduced

3.6.0

Fixed

3.6.11

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/etcd/BIT-etcd-2026-44283.json"