Improper access control in etcd - #VU130109

 


Published: May 5, 2026


Vulnerability identifier: #VU130109
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: etcd-io
Affected software:
etcd

Detailed vulnerability description

The vulnerability allows a remote attacker to access data without authorization.

The vulnerability exists due to improper access control in transaction operations when processing Put requests with PrevKv enabled. A remote attacker can send a specially crafted transaction request to access data they are not authorized to access.

Kubernetes deployments that rely on the API server for authentication and authorization are not affected.
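The class of check involved, as an added example that is not etcd's code or the vendor's patch: a Put that sets PrevKv returns the value it overwrites, so authorizing it inside a transaction needs read permission as well as write. The types, the exact-key ACL and the function name CheckTxnPuts are hypothetical, and the sample ACL is constructed.

```go
package main

import "fmt"

// Hypothetical, simplified model for illustration; these are not etcd's types.
type Perm int

const (
	Read Perm = 1 << iota
	Write
)

// PutOp keeps only the two Put request fields that matter for this check.
type PutOp struct {
	Key    string
	PrevKv bool // ask the server to return the key-value pair being overwritten
}

// ACL maps user -> key -> granted permissions (exact keys only, for brevity).
type ACL map[string]map[string]Perm

func (a ACL) has(user, key string, p Perm) bool { return a[user][key]&p == p }

// CheckTxnPuts authorizes every Put carried in a transaction. A Put with
// PrevKv discloses existing data, so it must pass the read check too.
func CheckTxnPuts(a ACL, user string, ops []PutOp) error {
	for _, op := range ops {
		if !a.has(user, op.Key, Write) {
			return fmt.Errorf("put %q: write permission denied", op.Key)
		}
		if op.PrevKv && !a.has(user, op.Key, Read) {
			return fmt.Errorf("put %q with PrevKv: read permission denied", op.Key)
		}
	}
	return nil
}

func main() {
	// Constructed sample: "writer" may write /secret but not read it.
	acl := ACL{
		"writer": {"/secret": Write},
		"admin":  {"/secret": Read | Write},
	}
	fmt.Println(CheckTxnPuts(acl, "writer", []PutOp{{Key: "/secret"}}))
	fmt.Println(CheckTxnPuts(acl, "writer", []PutOp{{Key: "/secret", PrevKv: true}}))
	fmt.Println(CheckTxnPuts(acl, "admin", []PutOp{{Key: "/secret", PrevKv: true}}))
}
```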


Remediation

Install the security update from the vendor's website.
