LeakyCreds

CVE-2026-33413 - Vulnerability Analysis

Severity: High | CVSS: 8.8

Last Updated: March 26, 2026

etcd - Authentication Bypass & Denial of Service

Published: March 26, 2026 | Updated: March 26, 2026 | Remote Exploitable

Overview

etcd versions prior to 3.4.42, 3.5.28, and 3.6.9 contain an authentication and authorization bypass: where the gRPC API is exposed, unauthorized users can call sensitive functions, letting attackers disrupt operations and access cluster topology. Exploitation requires the gRPC API to be exposed to untrusted clients.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 4.7% (probability of exploitation in the next 30 days)

Impact

Unauthorized users can disrupt cluster operations, remove historical data, and learn cluster topology, causing denial of service and operational disruption.

Mitigation

Upgrade to versions 3.4.42, 3.5.28, 3.6.9 or later; restrict network access and require strong client identity such as mTLS.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 26, 2026

🟠 CVE-2026-33413 - High (8.8) etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose t... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33413/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-33413
Severity: High
CVSS Score: 8.8
Type: broken_authentication
Status: confirmed
EPSS: 4.7%
Social Posts: 1

CWE

  • CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.7% (probability of exploitation in the next 30 days)