Description
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server.
Published: 2026-03-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Loss
Action: Patch
AI Analysis

Impact

The vulnerability arises from insufficient validation of the subDir parameter within Kubernetes CSI Driver for NFS, enabling attackers to craft path traversal sequences such as "../" in volume identifiers. When the driver performs deletions or cleanup operations on those volumes, it resolves the path traversal and operates on directories outside the intended NFS export. This allows unintended deletion or modification of directories on the NFS server, compromising data integrity and availability.

Affected Systems

The affected product is Kubernetes CSI Driver for NFS. Versions prior to v4.13.1 are vulnerable, as the advisory recommends upgrading to 4.13.1 or newer. The driver is used in Kubernetes clusters to provide block storage through NFS exports; any cluster that employs the unpatched driver and permits users or workloads to create arbitrary PersistentVolumes is at risk.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The vulnerability is not listed in the CISA KEV catalog and no EPSS score is available. Exploitation requires permissions to create PersistentVolumes, typically cluster-admin or equivalent privileges. During a delete or orphan cleanup operation, the driver will resolve the path traversal before executing filesystem commands, enabling an attacker to permanently remove or alter data stored on the NFS server.

Generated by OpenCVE AI on March 20, 2026 at 23:23 UTC.

Remediation

Vendor Solution

Upgrade the CSI Driver for NFS to version 4.13.1 or later. As mitigations, restrict PersistentVolume creation privileges to trusted administrators and review NFS exports to ensure only intended directories are writable by the driver.

OpenCVE Recommended Actions

  • Upgrade the CSI Driver for NFS to version 4.13.1 or later.
  • Restrict PersistentVolume creation privileges to trusted administrators.
  • Review NFS exports to ensure only intended directories are writable by the driver.
  • Audit cluster resources to detect unauthorized PersistentVolumes and validate subDir values.

Generated by OpenCVE AI on March 20, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2mjq-54qg-7w6j NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter
History

Mon, 23 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Kubernetes
Kubernetes csi Driver For Nfs
Vendors & Products Kubernetes
Kubernetes csi Driver For Nfs

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
References

Fri, 20 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server.
Title CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H'}

Subscriptions

Kubernetes Csi Driver For Nfs
cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published:

Updated: 2026-03-23T14:13:53.553Z

Reserved: 2026-03-10T06:18:16.575Z

Link: CVE-2026-3864

cve-icon Vulnrichment

Updated: 2026-03-20T23:10:38.486Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-20T23:16:48.303

Modified: 2026-03-23T14:32:02.800

Link: CVE-2026-3864

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:34:22Z

Weaknesses