Description
CVE confirmed to be a false positive
Published: 2026-04-06
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: None
Action: No Action
AI Analysis

Impact

The vulnerability was reported as an out‑of‑range index error in go.etcd.io/bbolt, but the report has been withdrawn after the maintainer confirmed the issue is a false positive. As a result, the vulnerability currently poses no security impact.

Affected Systems

The affected product is the bbolt key‑value store, available through the go.etcd.io/bbolt package. No specific version identifiers are listed in this advisory.

Risk and Exploitability

The CVSS score of 6.2 would normally indicate moderate severity, yet the EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog. Given that the problem has been validated as a false positive, there is no exploitation risk or applicable attack vector. The overall threat level is effectively negligible.

Generated by OpenCVE AI on April 8, 2026 at 17:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Confirm that your deployment is not known to contain a genuine out‑of‑range index issue in bbolt. Since the report has been withdrawn, no patch or configuration change is required. Keep the package updated to future releases that include any unrelated security fixes. Monitor the bbolt project or CVE database for any new alerts that might affect this component.

Generated by OpenCVE AI on April 8, 2026 at 17:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-6jwv-w5xf-7j27 go.etcd.io/bbolt affected by index out-of-range vulnerability
History

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description (This report has been withdrawn with reason: "Reporter and maintainer have confirmed this as false positive"). Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt CVE confirmed to be a false positive
Title WITHDRAWN: out-of-range-index in go.etcd.io/bbolt Vulnerability in go.etcd.io/bbolt

Wed, 08 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt (This report has been withdrawn with reason: "Reporter and maintainer have confirmed this as false positive"). Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
Title Vulnerability in go.etcd.io/bbolt WITHDRAWN: out-of-range-index in go.etcd.io/bbolt

Wed, 08 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Etcd-io
Etcd-io bbolt
Vendors & Products Etcd-io
Etcd-io bbolt

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
Title Vulnerability in go.etcd.io/bbolt
References

Subscriptions

Etcd-io Bbolt
cve-icon MITRE

Status: REJECTED

Assigner: Go

Published:

Updated: 2026-04-08T17:08:34.464Z

Reserved: 2026-03-23T20:35:32.815Z

Link: CVE-2026-33817

cve-icon Vulnrichment

Updated: 2026-04-06T19:23:47.201Z

cve-icon NVD

Status : Rejected

Published: 2026-04-06T19:16:27.677

Modified: 2026-04-08T18:26:00.870

Link: CVE-2026-33817

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-06T18:13:23Z

Links: CVE-2026-33817 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:50:35Z

Weaknesses