Authorization Bypass Vulnerability in etcd Distributed Key-Value Store
CVE-2026-44283

Key Information:

Vendor: Etcd-io

Status
Vendor
CVE Published: 14 May 2026

What is CVE-2026-44283?

A vulnerability in etcd, a distributed key-value store used to manage critical data, allows authenticated users to bypass Role-Based Access Control (RBAC) authorization checks. A user without the appropriate permissions can read data they are not authorized to see, or attach leases, by using specific transaction operations, including PrevKv and lease attachment in Put requests. The issue is present in versions prior to 3.4.44, 3.5.30, and 3.6.11, and has been addressed in those and subsequent releases.

Affected Version(s)

etcd < 3.4.44

etcd >= 3.5.0, <= 3.5.29

etcd >= 3.6.0, <= 3.6.10
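
To triage a fleet against the ranges above, the following added example (not code from the etcd project or from this advisory) classifies a reported version string. The `Classify` function, its return labels, the sample inventory and the conservative handling of pre-release suffixes are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// First fixed patch release per minor branch, from the advisory's affected ranges.
var firstFixed = map[[2]int]int{{3, 4}: 44, {3, 5}: 30, {3, 6}: 11}

// Classify accepts "3.5.29", "v3.5.29" or a line such as "etcd Version: 3.5.29"
// and returns "affected", "not affected", "not listed" or "unparseable".
func Classify(raw string) string {
	s := strings.TrimSpace(raw)
	if i := strings.LastIndexAny(s, " :"); i >= 0 {
		s = s[i+1:] // keep only the last token of the line
	}
	s = strings.TrimPrefix(s, "v")
	var major, minor, patch int
	if n, _ := fmt.Sscanf(s, "%d.%d.%d", &major, &minor, &patch); n != 3 {
		return "unparseable"
	}
	// Assumption: a "-rc.0" style pre-release of a fixed version is treated as
	// still affected, because it sorts before the release itself.
	pre := strings.Contains(s, "-")
	if major < 3 || (major == 3 && minor < 4) {
		return "affected" // falls in the advisory's "etcd < 3.4.44" range
	}
	fixed, listed := firstFixed[[2]int{major, minor}]
	switch {
	case !listed:
		return "not listed" // branch the advisory does not mention
	case patch < fixed || (patch == fixed && pre):
		return "affected"
	}
	return "not affected"
}

func main() {
	// Constructed inventory lines, not taken from a real cluster.
	for _, raw := range []string{"etcd Version: 3.5.29", "v3.6.11", "3.4.43", "3.7.0", "latest"} {
		fmt.Printf("%-22s %s\n", raw, Classify(raw))
	}
}
```

A "not listed" or "unparseable" result means the advisory's ranges cannot decide the case, so that member needs a manual check.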

CVSS V3.1

Score:
Severity: NONE
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
