Photon OS 5.0: Etcd PHSA-2026-5.0-0802

An update of the etcd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0802. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2026-33343 affecting package etcd for versions less than 3.5.28-1

CVE-2026-33343 affecting package etcd for versions less than 3.5.28-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-33413 affecting package etcd for versions less than 3.5.28-1

CVE-2026-33413 affecting package etcd for versions less than 3.5.28-1. An upgraded version of the package is available that resolves this issue...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: flannel, slsa-verifier, vexctl, vault-benchmark, docker-machine-driver-harvester, xeol, argo-rollouts, cue, kubescape-operator, aws-node-termination-handler, crossplane-provider-azure-authorization, ingress-nginx-controller, cluster-api-provider-vsphere,...

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: kube-metrics-adapter, xeol, terraform-mcp-server, kubescape-operator, aws-node-termination-handler, grafana-alloy, cluster-api-provider-vsphere, kube-rbac-proxy, kaniko, k9s, steampipe, kine, falco-no-driver, azurefile-csi, kyverno-policy-reporter, zot, otel-cli,...

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: agentbeat, zot, jaeger-operator, rancher-support-bundle-kit, skaffold, clickhouse-operator, grafana-rollout-operator, kube-logging-operator, kyverno-fips, op-geth, spicedb-fips, cloudflared, docker-cli-buildx, bento-fips, keda-fips, harbor-fips, azuredisk-csi-fips,...

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: agentbeat, zot, jaeger-operator, rancher-support-bundle-kit, skaffold, clickhouse-operator, grafana-rollout-operator, kube-logging-operator, kyverno-fips, op-geth, spicedb-fips, cloudflared, docker-cli-buildx, bento-fips, keda-fips, harbor-fips, azuredisk-csi-fips,...

GO-2026-4806 Authorization bypasses in multiple APIs in go.etcd.io/etcd

Authorization bypasses in multiple APIs in go.etcd.io/etcd...

GO-2026-4808 Nested etcd transactions bypass RBAC authorization checks in go.etcd.io/etcd

Nested etcd transactions bypass RBAC authorization checks in go.etcd.io/etcd...

CVE-2026-33413 affecting package etcd for versions less than 3.5.28-1

CVE-2026-33413 affecting package etcd for versions less than 3.5.28-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-33343 affecting package etcd for versions less than 3.5.28-1

CVE-2026-33343 affecting package etcd for versions less than 3.5.28-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-33817

Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt...

Critical Photon OS Security Update - PHSA-2026-5.0-0802

Updates of 'libpng', 'strongswan', 'python3', 'glibc', 'python3-Pygments', 'python3-pyOpenSSL', 'rubygem-activesupport', 'nghttp2', 'sqlite', 'etcd', 'python3-requests' packages of Photon OS have been released...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33343)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33343 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33413)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33413 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33343)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33343 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33413)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33413 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...

etcd: Authorization bypasses in multiple APIs

...

BIT-ETCD-2026-33413 etcd: Authorization bypasses in multiple APIs

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

BIT-ETCD-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...