{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6437", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "state": "PUBLISHED", "assignerShortName": "AMZN", "dateReserved": "2026-04-16T17:42:09.910Z", "datePublished": "2026-04-17T18:41:36.075Z", "dateUpdated": "2026-04-17T19:57:02.728Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-04-17T18:45:00.897Z"}, "title": "AWS EFS CSI Driver Mount Option Injection", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6: Argument Injection"}]}], "affected": [{"vendor": "Amazon", "product": "AWS EFS CSI Driver", "versions": [{"status": "unaffected", "version": "3.0.1"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.\n\n\n\n\nTo remediate this issue, users should upgrade to version v3.0.1", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before <code>v3.0.1 </code>allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.</p><p><br></p><p>To remediate this issue, users should upgrade to version <code>v3.0.1</code></p>"}]}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-016-aws/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw", "tags": ["third-party-advisory"]}, {"url": "https://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T19:56:39.320224Z", "id": "CVE-2026-6437", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T19:57:02.728Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-17T19:56:39.320224Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T19:56:52.356Z"}}], "cna": {"title": "AWS EFS CSI Driver Mount Option Injection", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6: Argument Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Amazon", "product": "AWS EFS CSI Driver", "versions": [{"status": "unaffected", "version": "3.0.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-016-aws/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw", "tags": ["third-party-advisory"]}, {"url": "https://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.\n\n\n\n\nTo remediate this issue, users should upgrade to version v3.0.1", "supportingMedia": [{"type": "text/html", "value": "<p>Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before <code>v3.0.1 </code>allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.</p><p><br></p><p>To remediate this issue, users should upgrade to version <code>v3.0.1</code></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "providerMetadata": {"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "shortName": "AMZN", "dateUpdated": "2026-04-17T18:45:00.897Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6437", "state": "PUBLISHED", "dateUpdated": "2026-04-17T19:57:02.728Z", "dateReserved": "2026-04-16T17:42:09.910Z", "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "datePublished": "2026-04-17T18:41:36.075Z", "assignerShortName": "AMZN"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "AWS EFS CSI Driver", "vendor": "Amazon", "versions": [{"status": "unaffected", "version": "3.0.1"}]}], "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:efs_csi_driver:*:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "6A6EA44D-2ECD-4CD5-91AD-2437511A009B", "versionEndExcluding": "3.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.\n\n\n\n\nTo remediate this issue, users should upgrade to version v3.0.1"}], "id": "CVE-2026-6437", "lastModified": "2026-06-17T11:00:49.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-6437", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-04-17T19:56:39.320224Z", "version": "2.0.3"}}]}, "published": "2026-04-17T19:16:40.150", "references": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"], "url": "https://aws.amazon.com/security/security-bulletins/2026-016-aws/"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Release Notes"], "url": "https://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1"}, {"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "tags": ["Vendor Advisory"], "url": "https://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw"}], "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary"}]}

{"bugzilla": {"description": "github.com/kubernetes-sigs/aws-efs-csi-driver: AWS EFS CSI Driver: Arbitrary mount option injection", "id": "2459243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459243"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-88", "details": ["A flaw was found in the AWS EFS CSI Driver. Remote authenticated users with PersistentVolume creation permissions can exploit an improper neutralization of argument delimiters by injecting commas into volume handling arguments. This allows for the injection of arbitrary mount options, which could lead to unauthorized access or modification of data."], "name": "CVE-2026-6437", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-aws-efs-csi-driver-container-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-17T18:41:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6437\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6437\nhttps://aws.amazon.com/security/security-bulletins/2026-016-aws/\nhttps://github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1\nhttps://github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "3.0.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AWS EFS CSI Driver", "source": "cna", "vendor": "Amazon"}, "product": "aws_efs_csi_driver", "vendor": "amazon"}], "analysis": {"en": {"generated_at": "2026-04-18T17:11:29.060628+00:00", "value": {"mitigation_remediation": ["Update the AWS EFS CSI Driver to version v3.0.1 or later, which contains the fix for the mount option injection flaw.", "Restrict PersistentVolume creation permissions to only trusted users or service accounts, reducing the risk that an authenticated attacker can create malicious volumes.", "Audit and enforce strict validation of mount options in the driver configuration, and monitor Kubernetes API logs for unexpected mount option values."], "summary": {"action": "Patch", "impact": "Unauthorized configuration change via mount option injection"}, "threat_synthesis": {"affected_systems": "Affected products are the AWS EFS CSI Driver from Amazon, specifically all releases before version v3.0.1. Any Kubernetes cluster that uses these earlier driver versions is vulnerable unless the administrator applies the available patch.", "description_and_impact": "The vulnerability arises from improper neutralization of argument delimiters in the volume handling component of AWS EFS CSI Driver. This flaw allows a remote authenticated user who has permission to create a PersistentVolume to inject arbitrary mount options by manipulating a comma delimiter. Through this injection, the attacker can alter the mount options used when the EFS file system is mounted within a Kubernetes cluster. The impact of these altered options depends on the options supplied; based on typical mount option semantics, the attacker might potentially influence access control or performance characteristics. The precise consequences are not explicitly stated in the advisory, but it is inferred that the attacker could use the injected options to affect permissions or data visibility.", "risk_and_exploitability": "The CVSS score for this issue is 6.9, indicating a moderate severity. The EPSS score is not provided, and the vulnerability is not listed in CISA KEV, suggesting it may not yet be actively exploited. The likely attack vector is remote authenticated access via PersistentVolume creation rights. The attack requires the attacker to possess PV creation privileges and therefore is limited to environments where access controls are misconfigured or overly permissive. If these conditions are met, the attacker could deploy pods that mount EFS volumes with malicious options."}}}}, "created": "2026-04-17T20:35:10.736911+00:00", "updated": "2026-04-18T17:15:05.784268+00:00", "vendors": ["amazon", "amazon$PRODUCT$aws_efs_csi_driver"]}