[Security Advisory] CVE-2026-3864: CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server


Rita Zhang

Mar 17, 2026, 2:04:52 AM
to kubernete...@googlegroups.com, dev, kubernetes-sec...@googlegroups.com, kubernetes-security-discuss, distributo...@kubernetes.io

Hello Kubernetes Community,


A vulnerability was identified in the Kubernetes CSI Driver for NFS where insufficient validation of the subDir parameter in volume identifiers could allow path traversal. A malicious user with the ability to create a PersistentVolume referencing the NFS CSI driver could craft a volumeHandle containing traversal sequences (for example ../). When the driver performs cleanup operations during volume deletion, these sequences may cause the driver to operate on unintended directories on the NFS server.


An attacker exploiting this flaw could cause deletion or modification of directories outside the intended managed subdirectory within the NFS export.


This issue has been rated Medium (6.5) with CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H and assigned CVE-2026-3864.



Am I vulnerable?


You may be vulnerable if:

  • You run the CSI Driver for NFS (nfs.csi.k8s.io)

  • Your cluster allows users to create PersistentVolumes referencing the NFS CSI driver

  • Your CSI driver version does not validate traversal sequences in the subDir field


Affected Versions

  • All versions of the CSI Driver for NFS prior to the v4.13.1 release containing the fix for traversal validation are affected.

How do I mitigate this vulnerability?


This issue can be mitigated by:

  • Upgrading the CSI Driver for NFS to a patched version

  • Restricting PersistentVolume creation privileges to trusted administrators

  • Reviewing NFS exports to ensure only intended directories are writable by the driver


As a best practice, untrusted users should not be granted permission to create arbitrary PersistentVolumes referencing external storage drivers.

Fixed Versions

  • CSI Driver for NFS versions >= v4.13.1

Detection

To determine if your cluster may be affected:

  • Inspect PersistentVolumes using the NFS CSI driver and review the volumeHandle field.

  • Look for traversal sequences such as: `../`

  • Review CSI controller logs for unexpected directory operations, e.g. “Removing subPath: /tmp/mount-uuid/legitimate/../../../exports/subdir”


If you find evidence that this vulnerability has been exploited, please contact secu...@kubernetes.io.


Thank You,


Rita Zhang on behalf of the Kubernetes Security Response Committee

Additional Details

See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/137797  


Acknowledgements


This vulnerability was reported by @Shaul Ben Hai, Senior Staff Security Researcher from SentinelOne.


The issue was fixed by the CSI Driver for NFS maintainers and the Kubernetes Security Response Committee. 


Andy Zhang @andyzhangx

Rita Zhang @ritazh


Thank You,

Rita Zhang on behalf of the Kubernetes Security Response Committee
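The two defender-side checks the advisory describes, written out in Go as an added example (this is not the driver's code and is not part of the advisory): a `validateSubDir` check of the kind a driver must apply to a caller-supplied subDir before building a path from it, and a `suspiciousRemovals` scan over controller log lines of the quoted “Removing subPath:” form for paths that contain `..` or resolve outside the mount root. Function names and the sample log lines are constructed; both checks are lexical and do not follow symlinks on the export.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// hasDotDot reports whether any "/"-delimited segment of s is "..".
func hasDotDot(s string) bool { return strings.Contains("/"+s+"/", "/../") }

// withinRoot reports whether the Cleaned absolute path p is root itself or lies
// beneath it. Lexical only: symlinks on the NFS export are not followed.
func withinRoot(root, p string) bool {
	root = filepath.Clean(root)
	return p == root || strings.HasPrefix(p, root+string(filepath.Separator))
}

// validateSubDir is the shape of check a driver should apply to a caller-supplied
// subDir before building a path from it: relative, no "..", and still under base.
func validateSubDir(base, subDir string) error {
	if subDir == "" || filepath.IsAbs(subDir) {
		return fmt.Errorf("subDir %q must be a non-empty relative path", subDir)
	}
	if hasDotDot(subDir) || !withinRoot(base, filepath.Join(base, subDir)) {
		return fmt.Errorf("subDir %q escapes %s", subDir, base)
	}
	return nil
}

// suspiciousRemovals scans controller log lines for "Removing subPath: <path>" (the
// form quoted in the advisory) and returns paths that contain ".." or that resolve
// outside mountRoot once cleaned.
func suspiciousRemovals(mountRoot string, lines []string) []string {
	const marker = "Removing subPath: "
	var hits []string
	for _, line := range lines {
		if i := strings.Index(line, marker); i >= 0 {
			p := strings.TrimSpace(line[i+len(marker):])
			if hasDotDot(p) || !withinRoot(mountRoot, filepath.Clean(p)) {
				hits = append(hits, p)
			}
		}
	}
	return hits
}

func main() { // constructed sample lines; the first mirrors the advisory's example
	logs := []string{"I0317 Removing subPath: /tmp/mount-uuid/legitimate/../../../exports/subdir",
		"I0317 Removing subPath: /tmp/mount-uuid/pvc-1234"}
	fmt.Println(suspiciousRemovals("/tmp/mount-uuid", logs), validateSubDir("/exports/share", "a/../../etc"))
}
```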


AWS Security

Mar 17, 2026, 8:02:17 PM
to rita.z...@gmail.com, kubernete...@googlegroups.com, d...@kubernetes.io, kubernetes-sec...@googlegroups.com, kubernetes-se...@googlegroups.com, distributo...@kubernetes.io

Hello,

Thank you for bringing this security concern to our attention. We’re currently investigating your report and will be in touch with any questions. Throughout the engagement, we will provide timely updates and monthly check-ins to keep you informed of our progress. You are welcome to request updates at any time.

If you are reporting a security concern you believe is a vulnerability in AWS Software or Services within scope for the Vulnerability Disclosure Program [1] and you prefer to report your security concerns via HackerOne, visit https://hackerone.com/aws_vdp. HackerOne provides a secure communications experience for enhanced collaboration, recognition, and potential for non-monetary rewards.

To protect your email, please use our PGP key: https://aws.amazon.com/security/aws-pgp-public-key. If you would like us to encrypt our communications to you, please provide your public PGP key.

More information about vulnerability reporting and how we handle the information you share with us is available here [2].

[1] https://hackerone.com/aws_vdp
[2] https://aws.amazon.com/security/vulnerability-reporting/



