CVE-2026-44283
published 2026-05-14

Priority: P4 25
CVSS 3.1: 4.3 medium (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS: 0.22% (13.0th percentile)

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may be able to access unauthorized data or attach leases by invoking transaction operations with these features enabled. This vulnerability is fixed in 3.4.44, 3.5.30, and 3.6.11.

Affected

13 ranges

Vendor | Product | Version range | Fixed in
etcd-io | etcd | < 3.4.44 | 3.4.44
etcd-io | etcd | |
etcd-io | etcd | |
etcd | etcd | < 3.4.44 | 3.4.44
etcd | etcd | |
etcd | etcd | >= 3.5.0 < 3.5.30 | 3.5.30
etcd | etcd | >= 3.6.0 < 3.6.11 | 3.6.11
go.etcd.io | etcd | >= 0 < 3.4.44 | 3.4.44
go.etcd.io | etcd_v3 | >= 3.5.0 < 3.5.30 | 3.5.30
go.etcd.io | etcd_v3 | >= 3.6.0 < 3.6.11 | 3.6.11
openshift4 | ose-etcd-rhel9 | |
rhosp-rhel8 | openstack-etcd | |
rhosp-rhel9 | openstack-etcd | |

CVSS provenance

nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat | 4.3 | MEDIUM