CVE-2026-33413

medium

Red Hat

CVSS v3 Base Score

7.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

High

Availability

High

Published: March 26, 2026 (49 days ago)

Last Modified: March 26, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authentication or authorization checks when the gRPC API is exposed to untrusted clients. This allows them to access sensitive cluster topology information, disrupt operations through alarms, interfere with lease management, and trigger data compaction, leading to permanent data loss and disruption of critical workflows. This vulnerability can result in information disclosure and denial of service.

CWE

CWE-306

Affected Products

Multicluster Global HubOpenShift Service Mesh 2Red Hat Ansible Automation Platform 2Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com

CVE-2026-33413

Vulnerability Report

Description

CWE

Affected Products

References