go.etcd.io/etcd (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package go.etcd.io/etcd, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2026-33413 — CVSS 8.8 (high): etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users…
CVE-2018-16886 — CVSS 8.1 (high): etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control…
CVE-2020-15114 — CVSS 7.7 (high): In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However…
CVE-2020-15106 — CVSS 6.5 (medium): In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length…
CVE-2020-15112 — CVSS 6.5 (medium): In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method…
CVE-2020-15136 — CVSS 6.5 (medium): In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When…
CVE-2018-1099 — CVSS 5.5 (medium): DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the…
CVE-2026-33343 — CVSS 0.0 (none): etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated…
CVE-2026-44283 — CVSS 0.0 (none): etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd…