None severity0.0GHSA Advisory· Published May 14, 2026· Updated May 15, 2026

CVE-2026-44283

Description

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.

Affected products

Etcd Io/EtcdGHSA
Range: <= 3.4.43

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-x35m-3gp4-4fh5ghsaADVISORY
github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5nvdMitigationVendor Advisory
nvd.nist.gov/vuln/detail/CVE-2026-44283ghsa

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000