Auth bypass in Etcd-io Etcd

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that…

Vulnerability class: Broken Access Control

EPSS: 0.000 (12.0th percentile)

Affected products

  • Etcd-io Etcd — versions >= 3.6.0-alpha.0 and < 3.6.9; >= 3.5.0-alpha.0 and < 3.5.28; < 3.4.42

Weakness classification (CWE)

References