go.etcd.io/etcd vulnerabilities

7 known vulnerabilities affecting go.etcd.io/etcd.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2, LOW 2

Vulnerabilities

CVE-2026-33413 [HIGH] CWE-862
Affected versions: ≥ 0, ≤ 3.3.27
Date: 2026-03-20
Sources: GHSA, OSV

etcd: Authorization bypasses in multiple APIs

### Impact
_What kind of vulnerability is it? Who is impacted?_
Multiple vulnerabilities allow unauthorized users to bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted clients. In unpatched etcd clusters with etcd auth enabled, unauthorized users are able to:
- call MemberLis
CVE-2026-33343 [LOW] CWE-863
Affected versions: ≥ 0, ≤ 3.3.27
Date: 2026-03-20
Sources: GHSA, OSV

etcd: Nested etcd transactions bypass RBAC authorization checks

### Impact
_What kind of vulnerability is it? Who is impacted?_
An authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with direct access to etcd to effectively ignore all key range restrictions, accessing the entire etcd dat
CVE-2020-15114 [HIGH] CWE-400
Affected versions: ≥ 3.4.0-rc.0, < 3.4.10; ≥ 0, < 3.3.23
Date: 2024-01-31
Sources: GHSA, OSV

Etcd Gateway can include itself as an endpoint resulting in resource exhaustion

### Vulnerability type
Denial of Service

### Detail
The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting
CVE-2020-15136 [MEDIUM] CWE-287
Affected versions: ≥ 3.4.0-rc.0, < 3.4.10; ≥ 0, < 3.3.23
Date: 2024-01-31
Sources: GHSA, OSV

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records

### Vulnerability type
Cryptography

### Workarounds
Refer to the [gateway documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md). The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation.

### Detail
When
CVE-2020-15106 [LOW] CWE-20
Affected versions: ≥ 0, < 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
Date: 2023-02-07
Sources: GHSA, OSV

Panic due to malformed WALs in go.etcd.io/etcd

### Vulnerability type
Data Validation

### Detail
The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

### Specific Go Packages Affected
github.com/etc
CVE-2018-16886 [HIGH] CWE-285
Affected versions: ≥ 0, < 0.5.0-alpha.5.0.20190108173120-83c051b701d3
Date: 2022-04-12
Sources: GHSA, OSV

go.etcd.io/etcd Authentication Bypass

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a RE
CVE-2018-1099 [MEDIUM] CWE-20
Affected versions: ≥ 0, < 3.4.0
Date: 2022-02-15
Sources: GHSA, OSV

DNS Rebinding in etcd

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).