AWS EFS CSI Driver

1 CVEs product

Monthly

CVE-2026-6437 Go MEDIUM PATCH GHSA This Month

Improper neutralization of argument delimiters in AWS EFS CSI Driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection, potentially leading to privilege escalation or unauthorized data access within Kubernetes clusters using EFS storage. The vulnerability requires high privileges (PersistentVolume admin role) but can be exploited remotely over the network with low complexity. Vendor-released patch v3.0.1 is available.

Code Injection, AWS EFS CSI Driver
NVD, GitHub, VulDB
CVSS 4.0: 6.9
EPSS: 0.0%