CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-6437

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-016-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/17 11:15 AM PDT Description: The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. We identified CVE-2026-6437, where an actor with PersistentVolume creation privileges can inject arbitrary mount options via two unsanitized fields: the Access Point ID in volumeHandle and the mounttargetip volumeAttribute. In both cases, appending comma-separated values causes the mount utility to parse them as separate mount options. No AWS service is affected. Impacted versions: EFS CSI Driver <&equal; v3.0.0 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
An actor can inject arbitrary mount options via unsanitized fields.
Who is affected
Users with PersistentVolume creation privileges in Kubernetes clusters using the EFS CSI Driver.
Urgency
Remediation is important to prevent unauthorized mount option injection.
Action
Update to a version of the EFS CSI Driver above v3.0.0.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-6437

Get an email if CVE-2026-6437 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-6437

CVE.org record

Embed the live status

CVE-2026-6437 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-6437 status](https://www.csirts.com/badge/CVE-2026-6437)](https://www.csirts.com/cve/CVE-2026-6437)