go.etcd.io/etcd_v3 vulnerabilities
7 known vulnerabilities affecting go.etcd.io/etcd_v3.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2026-33413 | HIGH | ≥ 3.6.0-alpha.0, < 3.6.9; ≥ 3.5.0-alpha.0, < 3.5.28; +1 more | 2026-03-20
CVE-2026-33413 [HIGH] CWE-862 etcd: Authorization bypasses in multiple APIs
### Impact
_What kind of vulnerability is it? Who is impacted?_
Multiple vulnerabilities allow unauthorized users to bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted clients.
In unpatched etcd clusters with etcd auth enabled, unauthorized users are able to:
- call MemberLis
ghsa, osv
CVE-2026-33343 | LOW | ≥ 3.6.0-alpha.0, < 3.6.9; ≥ 3.5.0-alpha.0, < 3.5.28; +1 more | 2026-03-20
CVE-2026-33343 [LOW] CWE-863 etcd: Nested etcd transactions bypass RBAC authorization checks
### Impact
_What kind of vulnerability is it? Who is impacted?_
An authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with direct access to etcd to effectively ignore all key range restrictions, accessing the entire etcd dat
ghsa, osv
CVE-2022-34038 | HIGH | ≥ 0, < 3.5.5 | 2023-08-22
CVE-2022-34038 [HIGH] CWE-787 etcd denial of service vulnerability
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go
ghsa
CVE-2020-15112 | MEDIUM | ≥ 0, < 3.3.23; ≥ 3.4.0, < 3.4.10 | 2022-10-06
CVE-2020-15112 [MEDIUM] CWE-129 etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
### Vulnerability type
Data Validation
### Detail
In the ReadAll method in wal/wal.go, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a run
ghsa
CVE-2020-15106 | MEDIUM | ≥ 0, < 3.3.23; ≥ 3.4.0, < 3.4.10 | 2022-10-06
CVE-2020-15106 [MEDIUM] etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
### Vulnerability type
Data Validation
### Detail
In the ReadAll method in wal/wal.go, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime pan
osv
CVE-2018-16886 | HIGH | ≥ 3.2.0, < 3.2.26; ≥ 3.3.0, < 3.3.11 | 2022-04-12
CVE-2018-16886 [HIGH] CWE-285 go.etcd.io/etcd Authentication Bypass
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a RE
ghsa, osv
CVE-2018-1098 | HIGH | ≥ 0, < 3.4.0 | 2022-02-15
CVE-2018-1098 [HIGH] CWE-352 etcd Cross-site Request Forgery (CSRF)
A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
ghsa, osv