CVE-2026-6437

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1

kubernetes-sigs/aws-efs-csi-driver
kubernetes-sigs/aws-efs-csi-driver
CSI Driver for Amazon EFS https://aws.amazon.com/efs/
GitHubGitHub
798