CVEFinder.io

CVE-2026-44283

đŸ”ļ medium
🔍 Scan for this CVE
Summary

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3

Description

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.

CVSS Score
0.0
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-14
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 0.0% of all 328,009 vulnerabilities in our database.

#327,951
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: May 16, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
YES
Can be exploited automatically
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-15
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CWE IDs (Weakness Types)
CWE-863

đŸ“Ļ Affected Products 3

Vendor Product Status Affected Versions
etcd etcd Affected
< 3.4.44
etcd etcd Affected
> 3.5.0 < 3.5.30
etcd etcd Affected
> 3.6.0 < 3.6.11

🔗 References 1

https://github.com/etcd-io/etcd/security/advisories/...
Mitigation Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-33343 đŸ”ļ medium 0.0 0.0 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... 2026-03-26
CVE-2026-33413 ⚠ī¸ high 8.8 0.0 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... 2026-03-26
CVE-2022-34038 ⚠ī¸ high 7.5 0.6 Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: t... 2023-08-22
CVE-2023-32082 ℹī¸ low 3.1 0.2 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the Leas... 2023-05-11
CVE-2021-28235 ⛔ critical 9.8 0.5 Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug func... 2023-04-04
CVE-2020-15106 đŸ”ļ medium 6.5 0.1 In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is st... 2020-08-05
These CVEs affect the same products