CVE-2026-6437: Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields
The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command, allowing injection of arbitrary mount options.
References
- aws.amazon.com/security/security-bulletins/2026-016-aws
- github.com/advisories/GHSA-mph4-q2vm-w2pw
- github.com/kubernetes-sigs/aws-efs-csi-driver
- github.com/kubernetes-sigs/aws-efs-csi-driver/commit/51806c22c5754bfbdeca6910f15571a07921b784
- github.com/kubernetes-sigs/aws-efs-csi-driver/releases/tag/v3.0.1
- github.com/kubernetes-sigs/aws-efs-csi-driver/security/advisories/GHSA-mph4-q2vm-w2pw
- nvd.nist.gov/vuln/detail/CVE-2026-6437
Code Behaviors & Features
Detect and mitigate CVE-2026-6437 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →