go.etcd.io/etcd/v3 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package go.etcd.io/etcd/v3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2021-28235 — CVSS 9.8 (critical): Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
CVE-2018-1098 — CVSS 8.8 (high): A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request…
CVE-2026-33413 — CVSS 8.8 (high): etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users…
CVE-2018-16886 — CVSS 8.1 (high): etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control…
CVE-2020-15112 — CVSS 6.5 (medium): In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method…
CVE-2020-15106 — CVSS 6.5 (medium): In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length…
CVE-2026-33343 — CVSS 0.0 (none): etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated…
CVE-2026-44283 — CVSS 0.0 (none): etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd…