{"data":{"id":"d017e01f-54a4-4c46-abf0-fcf51fcf3d0b","title":"GHSA-q8m4-xhhv-38mg: etcd: Authorization bypasses in multiple APIs","summary":"etcd (a distributed key-value store used in systems like Kubernetes) has multiple authorization bypass vulnerabilities that let unauthorized users call sensitive operations such as MemberList, Alarm, the Lease APIs, and compaction when the gRPC API (a communication protocol for remote procedure calls) is exposed to untrusted clients. These vulnerabilities are patched in etcd versions 3.6.9, 3.5.28, and 3.4.42. Typical Kubernetes deployments are not affected because Kubernetes handles authentication and authorization itself rather than relying on etcd's built-in auth.","solution":"Upgrade to etcd 3.6.9, etcd 3.5.28, or etcd 3.4.42. If upgrading is not immediately possible, restrict network access to etcd server ports so only trusted components can connect, and require strong client identity at the transport layer such as mTLS (mutual TLS, where both client and server verify each other's identity) with tightly scoped client certificate distribution.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-q8m4-xhhv-38mg","publishedAt":"2026-03-20T20:48:14.000Z","cveId":"CVE-2026-33413","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":["go.etcd.io/etcd@<= 3.3.27","go.etcd.io/etcd/v3@<= 3.4.41 (fixed: 3.4.42)","go.etcd.io/etcd/v3@>= 3.5.0-alpha.0, <= 3.5.27 (fixed: 3.5.28)","go.etcd.io/etcd/v3@>= 3.6.0-alpha.0, <= 3.6.8 (fixed: 3.6.9)"],"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-20T20:48:14.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}