Auth bypass in Etcd

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to b…

Vulnerability class: Broken Access Control

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

Affected products

Etcd
Etcd-io Etcd — versions < 3.4.44, >= 3.5.0, <= 3.5.29, >= 3.6.0, <= 3.6.10

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

security-advisories@github.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)