VYPR
None severity0.0GHSA Advisory· Published May 14, 2026· Updated May 15, 2026

CVE-2026-44283

CVE-2026-44283

Description

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
go.etcd.io/etcd/v3Go
>= 3.6.0, < 3.6.113.6.11
go.etcd.io/etcd/v3Go
>= 3.5.0, < 3.5.303.5.30
go.etcd.io/etcdGo
< 3.4.443.4.44

Affected products

17

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.