BIT-ETCD-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

wger 安全漏洞

WGER is an open-source project developed by the WGER Team, written in Django, and serves as a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities, which were caused by improper handling of cache key...

PT-2026-26755

Name of the Vulnerable Software and Affected Versions etcd versions prior to 3.4.42 etcd versions prior to 3.5.28 etcd versions prior to 3.6.9 Description An authenticated user with Role-Based Access Control RBAC restricted permissions on key ranges can bypass key-level authorization using nested...