UBUNTU-CVE-2026-23297

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnlthreadssetdoit. syzbot reported memory leak of struct cred. 0 nfsdnlthreadssetdoit passes getcurrentcred to nfsdsvc, but putcred is not called after that. The cred is finally passed down to...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0962-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0962-1 advisory. The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38400)

In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...

EUVD-2026-13831

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

GHSA-2MJQ-54QG-7W6J NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

NFS CSI driver for Kubernetes is Vulnerable to Path Traversal through Volume Identifier Parameter

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

CVE-2026-3864

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

CVE-2026-3864

CVE-2026-3864 affects the Kubernetes CSI Driver for NFS (csi-driver-nfs). The vulnerability arises from insufficient validation of the subDir parameter in volume identifiers, enabling path traversal (../) when creating PersistentVolumes and during volume deletion/cleanup. An attacker with PV crea...

CVE-2026-3864 CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

Kubernetes（K8s） 安全漏洞

Kubernetes K8s is an open-source system developed under the Kubernetes project, used for automated deployment, scaling, and management of containerized applications. There is a security vulnerability in Kubernetes K8s, which stems from insufficient validation of the subDir parameter in volume...

PT-2026-25942

Name of the Vulnerable Software and Affected Versions Kubernetes CSI Driver for NFS affected versions not specified Description A flaw exists in the Kubernetes CSI Driver for NFS related to insufficient validation of the subDir parameter within volume identifiers. An attacker capable of creating...

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1537)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : media: v4l2-mem2mem: add lock to protect parameter numrdyCVE-2023-53519 md: Replace snprintf with scnprintfCVE-2022-50299 mm/vmscan...

ROS-20260313-73-0009

A vulnerability in the nfsfsprocnetinit function of the NFS file system of the Linux operating system kernel is related to incorrect resource cleanup or release. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CLSA-2026-1773311565 nfs-utils: Fix of CVE-2025-12801

CVE-2025-12801: fix rpc.mountd privilege escalation allowing NFSv3 clients to bypass rootsquash and allsquash when mounting subdirectories...

SUSE CVE-2025-12801

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...

RLSA-2026:3940 Moderate: nfs-utils security update

The nfs-utils packages provide a daemon for the kernel Network File System NFS server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Security Fixes:...

RLSA-2026:3938 Moderate: nfs-utils security update

The nfs-utils packages provide a daemon for the kernel Network File System NFS server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Security Fixes:...

RockyLinux 9 : nfs-utils (RLSA-2026:3940)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3940 advisory. nfs-utils: rpc.mountd in the nfs-utils privilege escalation CVE-2025-12801 Tenable has extracted the preceding description block directly from the RockyLinux...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1244)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid use-after-free...

CLSA-2026-1773045484 kernel: Fix of 28 CVEs

fix: dm: fix dmblkreportzones CVE-2025-38141 - ice: Fix a null pointer dereference in icecopyandinitpkg CVE-2025-38664 - qed: Don't collect too many protection override GRC elements CVE-2025-39949 - drm/amd/display: Avoid a NULL pointer dereference CVE-2025-39693 - iommu/amd/pgtbl: Fix possible...