Csi Driver For Nfs
Approved changes feed: RSS · Atom
cpe:2.3:a:kubernetes:csi_driver_for_nfs:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Kubernetes (3ee05930-9e42-51b2-ad52-30832f573b15) |
|---|---|
| Product | Csi Driver For Nfs (79e403f0-b891-5a10-9efa-4ed96901c0d3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-3864 |
vulnerable | 2026-06-03 15:23:33.642762 |
CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server
MEDIUM (6.5)
A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server.
Published: 2026-03-20T22:21:33.827Z
Updated: 2026-03-23T14:13:53.553Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.