CVE-2026-6437

A flaw was found in the AWS EFS CSI Driver. Remote authenticated users with PersistentVolume creation permissions can exploit an improper neutralization of argument delimiters by injecting commas into volume handling arguments. This allows for the injection of arbitrary mount options, which could...

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

EUVD-2026-23500

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields...

CVE-2026-6437

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

CVE-2026-6437

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

PT-2026-33485

Name of the Vulnerable Software and Affected Versions AWS EFS CSI Driver versions prior to v3.0.1 Description Improper neutralization of argument delimiters in the volume handling component allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount...

aws-efs-utils-2.3.3-1.1 on GA media (moderate)

aws-efs-utils-2.3.3-1.1 on GA media Announcement ID: openSUSE-SU-2025:15462-1 Rating: moderate Cross-References: CVE-2025-55159 CVSS scores: CVE-2025-55159 SUSE : 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2025-55159 SUSE : 5.8...

Cut Costs by Migrating from EFS to Object Storage

...

Medium: amazon-efs-utils

Issue Overview: efs-utils is a set of Utilities for Amazon Elastic File System EFS. A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to...

SUSE SLES12 Security Update : aws-efs-utils.11048 (SUSE-SU-2023:1761-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1761-1 advisory. - efs-utils is a set of Utilities for Amazon Elastic File System EFS. A potential race condition issue exists within the Amazon EFS mount...

SUSE SLES15 / openSUSE 15 Security Update : aws-efs-utils (SUSE-SU-2023:0423-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0423-1 advisory. - efs-utils is a set of Utilities for Amazon Elastic File System EFS. A potential race condition issue exists within the Amazo...

CVE-2022-46174

CVE-2022-46174 affects the Amazon EFS utilities (efs-utils) with a race condition in the EFS mount helper when TLS is used. In v1.34.3 and earlier, concurrent TLS-enabled mounts can allocate the same local port for stunnel/NFS, causing failed mounts or incorrect mapping of a customer’s local moun...