Skip to main content

Kubernetes EUVDEUVD-2026-13831

| CVE-2026-3864 MEDIUM
Path Traversal (CWE-22)
2026-03-20 kubernetes GHSA-2mjq-54qg-7w6j
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 20, 2026 - 22:31 euvd
EUVD-2026-13831
Analysis Generated
Mar 20, 2026 - 22:31 vuln.today
CVE Published
Mar 20, 2026 - 22:21 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server.

AnalysisAI

The Kubernetes NFS CSI Driver fails to properly validate the subDir parameter in volume identifiers, allowing privileged users to inject path traversal sequences that bypass intended directory restrictions. Attackers with PersistentVolume creation privileges can craft malicious volume identifiers to access and modify arbitrary directories on the NFS server during cleanup operations. No patch is currently available for this medium-severity vulnerability affecting Kubernetes environments.

Technical ContextAI

The Kubernetes Container Storage Interface (CSI) Driver for NFS (cpe:2.3:a:kubernetes:csi_driver_for_nfs:*:*:*:*:*:*:*:*) is a storage driver that manages NFS-based persistent volumes in Kubernetes clusters. The vulnerability stems from improper input validation of the subDir parameter in volume identifiers, which is a CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, Path Traversal) weakness. During volume lifecycle operations, particularly deletion and cleanup, the driver fails to sanitize path components and validate that operations remain within the intended NFS export directory. An attacker can inject relative path traversal sequences (../) to navigate outside the restricted directory scope and reach parent or sibling directories on the NFS server.

RemediationAI

Patch the Kubernetes CSI Driver for NFS to the latest patched version as soon as it becomes available through official Kubernetes channels; check the security announcement at https://groups.google.com/g/kubernetes-security-announce/c/i4ZKN9VLcUE for specific version numbers. Until patching is possible, implement restrictive RBAC policies to limit PersistentVolume creation and modification to trusted administrators only, and audit all PersistentVolume definitions referencing the NFS CSI driver for suspicious subDir parameters containing traversal sequences. Consider implementing admission controllers or policy enforcement tools (such as Kyverno or OPA/Gatekeeper) to validate and reject subDir parameters that contain ../ sequences or other path traversal indicators before they reach the driver.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise High Performance Computing 12 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Containers 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

EUVD-2026-13831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy