Input validation error in CSI Driver for Amazon EFS - CVE-2026-6437


Published: April 20, 2026


Vulnerability identifier: #VU126564
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-6437
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Kubernetes SIGs
Affected software: CSI Driver for Amazon EFS

Detailed vulnerability description

The vulnerability allows a remote user to modify mount behavior by injecting arbitrary mount options.

The vulnerability exists due to improper input validation of the volumeHandle and mounttargetip fields when the driver processes PersistentVolume definitions and volume attributes. Because these fields are not restricted to a single well-formed value, a remote privileged user can append comma-separated values to them, and the appended values are treated as additional mount options, which modifies mount behavior.

Exploitation requires PersistentVolume creation privileges.
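As an added, defender-side illustration (not code from the advisory or from the EFS CSI driver itself), the check below shows the kind of strict validation that closes this class of bug: each field is parsed against a fixed expected shape, and any value carrying the comma that separates mount options is rejected before it can reach a mount command. The colon-separated handle layout, the fs-/fsap- identifier patterns and the function names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Assumed identifier shapes (not stated in the advisory): file system ids like
// fs-0123456789abcdef0 and access point ids like fsap-0123456789abcdef0.
var fsIDRe = regexp.MustCompile(`^fs-[0-9a-f]{8,17}$`)
var apIDRe = regexp.MustCompile(`^fsap-[0-9a-f]{8,17}$`)

// ValidateVolumeHandle checks a PersistentVolume's csi.volumeHandle before it
// can influence a mount command. Assumed layout: "fs-id[:subpath[:fsap-id]]".
// No component may contain a comma (the mount-option separator) or whitespace.
func ValidateVolumeHandle(handle string) error {
	if strings.ContainsAny(handle, ", \t\r\n") {
		return fmt.Errorf("volumeHandle %q contains a separator or whitespace", handle)
	}
	parts := strings.Split(handle, ":")
	if len(parts) > 3 || !fsIDRe.MatchString(parts[0]) {
		return fmt.Errorf("volumeHandle %q: malformed file system id", handle)
	}
	if len(parts) >= 2 && parts[1] != "" && !strings.HasPrefix(parts[1], "/") {
		return fmt.Errorf("volumeHandle %q: subpath must be absolute", handle)
	}
	if len(parts) == 3 && !apIDRe.MatchString(parts[2]) {
		return fmt.Errorf("volumeHandle %q: malformed access point id", handle)
	}
	return nil
}

// ValidateMountTargetIP accepts only a bare IPv4 or IPv6 literal, so a value
// such as "10.0.0.5,extra=1" is rejected rather than handed to mount.
func ValidateMountTargetIP(ip string) error {
	if ip == "" {
		return nil // the attribute is optional
	}
	if net.ParseIP(ip) == nil {
		return fmt.Errorf("mounttargetip %q is not a bare IP address", ip)
	}
	return nil
}

func main() {
	// Constructed inputs: a benign handle and one carrying an appended option.
	fmt.Println(ValidateVolumeHandle("fs-0123456789abcdef0:/data"))
	fmt.Println(ValidateVolumeHandle("fs-0123456789abcdef0:/data,extra=1"))
}
```

The same rejection can be enforced cluster-side in a validating admission policy on PersistentVolume objects, so that a malformed handle never reaches the node plugin at all.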


How to mitigate CVE-2026-6437

Install the security update from the vendor's website.

Sources