CVE-2026-44283
Last modified
CVE-2026-44283 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Etcd | Etcd | < 3.4.44 |
| Etcd | Etcd | >= 3.5.0, < 3.5.30 |
| Etcd | Etcd | >= 3.6.0, < 3.6.11 |
References
- https://github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-44283?
How severe is CVE-2026-44283?
How do I fix CVE-2026-44283?
Are you affected by CVE-2026-44283?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST