Unauthorized Access Vulnerability in etcd Distributed Key-Value Store
CVE-2026-33413

8.8HIGH

Key Information:

Vendor: Etcd-io
Status: Etcd
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-33413?

etcd, a distributed key-value store vital for managing data in distributed systems, has a vulnerability allowing unauthorized users to bypass authentication and authorization checks. This can enable malicious actors to call various etcd functions in clusters that expose the gRPC API to untrusted clients. Unpatched instances may lead to significant risks, including unauthorized access to cluster topology information, operational disruptions via alarm abuse, interference with lease management, and irreversible data removal through compaction. Strengthening network access controls and enforcing strict client authentication measures are crucial for mitigating these vulnerabilities.

Affected Version(s)

etcd >= 3.6.0-alpha.0, < 3.6.9 < 3.6.0-alpha.0, 3.6.9

etcd >= 3.5.0-alpha.0, < 3.5.28 < 3.5.0-alpha.0, 3.5.28

etcd < 3.4.42 < 3.4.42

References

https://github.com/etcd-io/etcd/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 19, 2026

CVE-2026-33413 Data

JSON

Etcd-io

What is CVE-2026-33413?

Affected Version(s)

References

CVSS V4

Timeline