etcd Nested Transaction Vulnerability Bypasses RBAC Authorization

Vulnerability

A vulnerability exists in etcd, a distributed key-value store, prior to versions 3.4.42, 3.5.28, and 3.6.9. Authenticated users whose RBAC permissions are restricted to specific key ranges can use nested transactions to bypass key-level authorization, gaining access to the entire etcd data store regardless of those key range restrictions. While Kubernetes typically uses its own authentication and authorization methods, this vulnerability could affect other systems that rely on etcd's built-in RBAC.

Impact

Exploitation allows authenticated users to bypass key-level authorization, accessing the entire etcd data store without restrictions.

Remediation

Users should upgrade to etcd version 3.4.42, 3.5.28, or 3.6.9. If an immediate upgrade is not possible, treat the affected RPCs as unauthenticated: restrict network access to the etcd server ports and require strong client identity at the transport layer, such as mTLS with tightly scoped client certificate distribution.
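The following script is an added example, not part of the advisory or of the etcd project, for checking whether a running etcd member is on a patched release. It reads either the JSON body returned by etcd's /version endpoint or the text printed by `etcd --version`, and compares the server version against the fixed releases named above on a per-minor-line basis (3.4.x, 3.5.x, 3.6.x). The sample version strings are constructed; the handling of lines older than 3.4 (reported as affected, since the advisory lists no fix for them) and newer than 3.6 (reported as unknown) is an assumption, not something the advisory states.

```python
"""Classify an etcd server version against the fixed releases in this advisory."""
import json
import re

# Patched releases from the advisory, keyed by (major, minor) line.
FIXED_VERSIONS = {(3, 4): 42, (3, 5): 28, (3, 6): 9}

_SEMVER = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_server_version(raw: str) -> tuple:
    """Return (major, minor, patch) from either the JSON body of the /version
    endpoint ({"etcdserver": "3.5.27", ...}) or the text printed by
    `etcd --version` (whose first line reads 'etcd Version: 3.5.27')."""
    raw = raw.strip()
    if raw.startswith("{"):
        text = json.loads(raw)["etcdserver"]
    else:
        # Prefer the explicit 'etcd Version:' line so the Go toolchain version
        # printed further down is never mistaken for the server version.
        lines = [ln for ln in raw.splitlines() if ln.lower().startswith("etcd version")]
        text = lines[0] if lines else raw
    match = _SEMVER.search(text)
    if match is None:
        raise ValueError(f"no X.Y.Z version found in {raw!r}")
    return tuple(int(g) for g in match.groups())


def assess(version: tuple) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a (major, minor, patch) tuple."""
    major, minor, patch = version
    line = (major, minor)
    if line in FIXED_VERSIONS:
        return "fixed" if patch >= FIXED_VERSIONS[line] else "affected"
    if line < min(FIXED_VERSIONS):
        # Assumption: the advisory lists no fix for lines older than 3.4, so a
        # conservative check reports them as affected.
        return "affected"
    # Assumption: minor lines newer than 3.6 are not covered by the advisory text.
    return "unknown"


def check(raw: str) -> str:
    """Convenience wrapper: raw version output -> classification."""
    return assess(parse_server_version(raw))


if __name__ == "__main__":
    # Constructed sample outputs, not captured from a real cluster.
    samples = {
        "/version JSON": '{"etcdserver":"3.5.27","etcdcluster":"3.5.0"}',
        "etcd --version": "etcd Version: 3.6.9\nGit SHA: 0000000\n"
                          "Go Version: go1.23.4\nGo OS/Arch: linux/amd64",
    }
    for label, raw in samples.items():
        print(f"{label}: {parse_server_version(raw)} -> {check(raw)}")
```

In practice the raw input would come from `curl --cacert ca.pem --cert client.pem --key client.key https://<member>:2379/version` or from `etcd --version` on the host; the comparison is per minor line because a 3.5.28 member is fixed while a 3.6.8 member, despite its higher minor version, is not.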

Added: Mar 26, 2026, 2:23 PM
Updated: Mar 26, 2026, 2:23 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 5.0
exploitability: 4.9
remediation: 7.9
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.