Description

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with direct access to etcd to effectively ignore all key range restrictions, accessing the entire etcd data store. Kubernetes does not rely on etcd’s built-in authentication and authorization. Instead, the API server handles authentication and authorization itself, so typical Kubernetes deployments are not affected. Versions 3.4.42, 3.5.28, and 3.6.9 contain a patch. If upgrading is not immediately possible, reduce exposure by treating the affected RPCs as unauthenticated in practice. Restrict network access to etcd server ports so only trusted components can connect and require strong client identity at the transport layer, such as mTLS with tightly scoped client certificate distribution.

INFO

Published Date :

2026-03-26T13:23:48.247Z

Last Modified :

2026-03-26T18:25:09.851Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33343 vulnerability.

Vendors Products
Etcd
  • Etcd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33343.

URL Resource
https://github.com/etcd-io/etcd/security/advisories/GHSA-rfx7-8w68-q57q cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-33343 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-33343 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact