MEDIUM SeverityCVSS 4.06.9CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N
CVE-2026-6437
Last updated Apr 17, 2026 · Published Apr 17, 2026
Description
Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1
Affected products
1 listed- Amazon:AWS EFS CSI Driver
Mappings
CWE
CWE-88
CAPEC
CAPEC-6
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms