AWS EFS CSI Driver Mount Option Injection_CVE-2026-6437

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Description

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.

To remediate this issue, users should upgrade to version v3.0.1

Basic Information

ID CVE-2026-6437

Source AMZN

Published Apr 17, 2026 at 18:41

Modified Apr 17, 2026 at 18:45

Affected Product

Vendor Amazon

Product AWS EFS CSI Driver

Version 3.0.1

CWE Classification

CWE-88

References

{
    "lastseen": "",
    "description": "Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.\n\n\n\n\nTo remediate this issue, users should upgrade to version v3.0.1",
    "published": "2026-04-17T18:41:36.075Z",
    "modified": "2026-04-17T18:45:00.897Z",
    "type": "cve",
    "title": "AWS EFS CSI Driver Mount Option Injection",
    "source": "AMZN",
    "references": "https://aws.amazon.com/security/security-bulletins/2026-016-aws/\nhttps://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw\nhttps://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1",
    "id": "CVE-2026-6437",
    "bulletinFamily": "",
    "cwe": [
        "CWE-88"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AWS EFS CSI Driver",
    "version": "3.0.1",
    "vendor": "Amazon",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}