CVE-2026-6437— AWS EFS CSI Driver Mount Option Injection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6437
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AWS EFS CSI Driver Mount Option Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
参数注入或修改
Source: NVD (National Vulnerability Database)
Vulnerability Title
Amazon EFS CSI Driver 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Amazon EFS CSI Driver是Kubernetes SIGs开源的一个用于Kubernetes集群挂载AWS文件存储的CSI驱动。 Amazon EFS CSI Driver 3.0.1之前版本存在安全漏洞,该漏洞源于卷处理组件中对参数分隔符中和不当,可能导致具有PersistentVolume创建权限的远程经过身份验证的用户通过逗号注入注入任意挂载选项。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Amazon | AWS EFS CSI Driver | - | - |
II. Public POCs for CVE-2026-6437
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6437
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Amazon
- CVE-2026-8178
Remote Code Execution via Unsafe Class Loading in Amazon Red - CVE-2026-7791
Amazon WorkSpaces 安全漏洞 - CVE-2026-35558
Improper neutralization of special elements in authenticatio - CVE-2026-35559
Out-of-bounds write in query processing components in Amazon - CVE-2026-5485
OS command injection in Amazon Athena ODBC driver on Linux
Same weakness: CWE-88
- CVE-2026-45181
IDA Pro 9.2/9.3插件目录代码注入漏洞 - CVE-2026-42601
ArchiveBox Vulnerable to RCE via unvalidated per-crawl confi - CVE-2026-43941
Unvalidated shell.openExternal in electerm allows arbitrary - CVE-2026-42284
GitPython: Unsafe option check validates multi_options befor - CVE-2026-40281
Gotenberg vulnerable to argument injection via newlines in E
V. Comments for CVE-2026-6437
No comments yet