CVE-2026-3864

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/137797
https://groups.google.com/g/kubernetes-security-announce/c/i4ZKN9VLcUE
http://www.openwall.com/lists/oss-security/2026/03/17/1

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-20 23:16

Updated : 2026-03-23 14:32

NVD link : CVE-2026-3864

Mitre link : CVE-2026-3864

CVE.ORG link : CVE-2026-3864

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-3864", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "jordan@liggitt.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2026-03-20T23:16:48.303", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/137797", "source": "jordan@liggitt.net"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/i4ZKN9VLcUE", "source": "jordan@liggitt.net"}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/17/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "jordan@liggitt.net", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad en el controlador CSI de Kubernetes para NFS donde el par\u00e1metro subDir en los identificadores de volumen no se validaba suficientemente. Atacantes con la capacidad de crear PersistentVolumes que hacen referencia al controlador CSI de NFS podr\u00edan crear identificadores de volumen que contienen secuencias de salto de ruta (../). Durante las operaciones de eliminaci\u00f3n o limpieza de volumen, el controlador podr\u00eda operar en directorios no deseados fuera de la ruta gestionada prevista dentro de la exportaci\u00f3n NFS. Esto podr\u00eda llevar a la eliminaci\u00f3n o modificaci\u00f3n de directorios en el servidor NFS."}], "lastModified": "2026-03-23T14:32:02.800", "sourceIdentifier": "jordan@liggitt.net"}