CVE-2021-28235

⛔ critical

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

CVSS Score

9.8

Critical

EPSS Score

0.5

Exploit Probability

Published Date

2023-04-04

First Seen: 2026-01-05

This CVE is Very High Risk - more severe than 90.5% of all 329,778 vulnerabilities in our database.

#31,322

Top 10% most severe

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2025-02-18

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-287

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
etcd	etcd	Affected	v3.4.10

http://etcd.com

Broken Link

https://github.com/etcd-io/etcd

Product

Product

Product

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-44283	🔶 medium	0.0	0.0	etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulne...	2026-05-14
CVE-2026-33343	🔶 medium	0.0	0.0	etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,...	2026-03-26
CVE-2026-33413	⚠️ high	8.8	0.0	etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,...	2026-03-26
CVE-2022-34038	⚠️ high	7.5	0.6	Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: t...	2023-08-22
CVE-2023-32082	ℹ️ low	3.1	0.2	etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the Leas...	2023-05-11
CVE-2020-15106	🔶 medium	6.5	0.1	In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is st...	2020-08-05

These CVEs affect the same products