CVE-2026-6437 · EPSS p33.8%

amazon / efs_csi_driver

Description

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1.

Scoring

CVSS: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.42% probability of exploitation · percentile 33.8% · 2026-06-19T12:03:05Z
Last modified: 2026-06-01

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-41013
CVE: CVE-2026-46329
CVE: CVE-2026-40409
CVE: CVE-2025-62878
CVE: CVE-2025-1137
CVE: CVE-2026-11417
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.