CVE Daily
← All tags

Tag: etcd

All CVEs associated with "etcd". Page 1/1 • 33 CVEs.

About “etcd”

A curated feed of “etcd”-related CVEs appears below. We currently track 33 CVEs for this tag (all time). In the last 365 days, 9 were published. Average CVSS is 6.7 (all time; 6.0 over 365d), and 58% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-863 - Incorrect Authorization, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-532 - Insertion of Sensitive Information into Log File.

In our taxonomy this topic maps to a LOW impact class. Container and Kubernetes fixes usually require image rebuilds and control plane or node upgrades. Prioritize exposed surfaces, restart workloads on patched bases, and tighten RBAC and NetworkPolicies. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: etcd

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
3.63.6.12-
3.53.5.31-
3.43.4.45 Expired
3.33.3.27 Expired
3.23.2.32 Expired
3.13.1.20 Expired
3.03.0.17 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “etcd”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-06-01
Medium

CVE-2026-10533

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged u…

CVSS: 5.0 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2026-05-28
High

CVE-2026-6720

When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embe…

CVSS: 7.2 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2026-05-14
Low

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ…

CVSS: 0.0 CWE: CWE-863 - Incorrect Authorization View on NVD
2026-05-07
Critical

CVE-2026-42880

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo…

CVSS: 9.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2026-04-06
Medium

CVE-2026-33817

(This report has been withdrawn with reason: "Reporter and maintainer have confirmed this as false positive"). Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt

CVSS: 6.2 CWE: CWE-125 - Out-of-bounds Read View on NVD
2026-03-26
High

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use n…

CVSS: 0.0 CWE: CWE-863 - Incorrect Authorization View on NVD
2026-02-13
Critical

CVE-2026-26190

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr de…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-09-09
High

CVE-2025-58063

CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used…

CVSS: 7.1 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
2024-08-12
High

CVE-2024-42480

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers bei…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
2024-05-08
High

CVE-2024-4438

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red H…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-4437

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http:/…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2024-4436

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http:/…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-12-07
High

CVE-2023-46307

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified du…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-11-02
High

CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from…

CVSS: 7.2 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-08-22
High

CVE-2022-34038

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-05-11
Low

CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease wh…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-04-26
Medium

CVE-2023-30841

Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deplo…

CVSS: 6.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-04-04
Critical

CVE-2021-28235

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2023-03-22
Medium

CVE-2023-28114

`cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2,`cilium-cli`, when used to configure cluster mesh functiona…

CVSS: 4.8 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2023-01-17
Medium

CVE-2023-0296

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the…

CVSS: 5.3 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
2020-08-06
High

CVE-2020-15114

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoin…

CVSS: 7.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2020-15115

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess…

CVSS: 5.8 CWE: CWE-521 - Weak Password Requirements View on NVD
2020-08-05
Medium

CVE-2020-15113

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS con…

CVSS: 5.7 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2020-15112

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2019-04-24
High

CVE-2019-3786

Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file o…

CVSS: 7.1 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-03-08
High

CVE-2019-3779

Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2019-01-14
High

CVE-2018-16886

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
2018-06-15
Critical

CVE-2018-1085

openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CE…

CVSS: 9.0 CWE: CWE-592 View on NVD
2018-04-03
Medium

CVE-2018-1099

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other add…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-1098

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done wit…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2015-11-06
Medium

CVE-2015-5305

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handle…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox