You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
etcd security
About this tag
The etcd security tag covers discussions about vulnerabilities and hardening in etcd, the distributed key-value store used by Kubernetes and other infrastructure. Content includes analysis of CVE-2026-44283, an authorization-bypass flaw in etcd that allows authenticated users to access unauthorized data via PrevKv or lease operations in transaction-based Put requests. The bug affects versions before 3.4.44, 3.5.30, and 3.6.11, and highlights how RBAC may not behave uniformly across all API paths. Topics also cover patch versions, mitigation strategies, and the broader lesson that etcd security flaws are often subtle infrastructure issues rather than dramatic remote-code-execution bugs.
CVE-2026-44283 is an etcd authorization-bypass vulnerability disclosed in May 2026 that affects versions before 3.4.44, 3.5.30, and 3.6.11, allowing authenticated users to obtain unauthorized data through PrevKv or attach leases inside transaction-based Put requests. The bug is not another...