PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59818 etcd-io CVE debrief

CVE-2026-59818 is a vulnerability in etcd, a distributed key-value store. Prior to versions 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the gRPC listener. This allows a client with a revoked certificate to authenticate successfully over gRPC. The issue is fixed in versions 3.5.32 and 3.6.13. Users of etcd, especially those who have configured etcd with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, should be aware of this vulnerability.

Vendor
etcd-io
Product
etcd
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-10
Advisory published
2026-07-08
Advisory updated
2026-07-10

Who should care

Users of etcd, especially those who have configured etcd with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, should be aware of this vulnerability. They should check if their version of etcd is vulnerable and update to a fixed version if necessary. This includes operators, platform administrators, and security teams responsible for etcd deployments.

Technical summary

The vulnerability is caused by the lack of enforcement of the --client-crl-file Certificate Revocation List on the gRPC listener when etcd is configured with --listen-client-http-urls. This allows a client with a revoked certificate to authenticate successfully over gRPC. The issue is fixed in versions 3.5.32 and 3.6.13. Affected users should review their configurations and update to a fixed version if necessary.

Defensive priority

Medium

Recommended defensive actions

  • Check if the current version of etcd is vulnerable
  • Update to a fixed version of etcd (3.5.32 or 3.6.13) if necessary
  • Review and update the configuration of etcd to ensure that the --client-crl-file Certificate Revocation List is enforced on the gRPC listener
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-08T21:16:54.503Z and was last modified on 2026-07-10T19:03:20.407Z. The NVD entry is currently Undergoing Analysis. There is limited information available about the specific details of this vulnerability, and further verification is needed to understand its impact. Users should verify their etcd versions and configurations to determine if they are affected.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T21:16:54.503Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.