VulniosVulnios
All Threat Alerts
criticalOSINT Alert
CVE-2026-6437

CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver

Bulletin ID: 2026-016-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/17 11:15 AM PDT Description: The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. We identified CVE-2026-6437, where an actor with PersistentVolume creation privileges can inject arbitrary mount options via two unsanitized fields: the Access Point ID in volumeHandle and the mounttargetip volumeAttribute. In bot

Friday, April 17, 2026KubernetesVulnios Threat Intelligence
Share:

Executive Summary

Bulletin ID: 2026-016-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/17 11:15 AM PDT Description: The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. We identified CVE-2026-6437, where an actor with PersistentVolume creation privileges can inject arbitrary mount options via two unsanitized fields: the Access Point ID in volumeHandle and the mounttargetip volumeAttribute. In bot

Source

  • Original Article

    • AI Security Advisor

    Powered by Gemini

    Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

    Affected Products

    Kubernetes

    Sources

    awscloudpatchics-otmalwareinfrastructureKubernetesAWS

    Protect Your Organization

    Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

    Get Started FreeFree Security ScanOSINT Dashboard

    Get instant alerts on Telegram

    Join our public channel for real-time critical CVE alerts.

    Follow @vulnios