Amazon EFS CSI Driver
Easy fix2 remedies
cpe:2.3:a:amazon:elastic_file_system_container_storage_interface_driver:*:*:*:*:go:*:*
Easy fix2 remedies
- <= v3.0.0
AWS EFS CSI Driver Mount Option Injection Vulnerability
Vulnerability
Patched
A vulnerability in the AWS EFS CSI Driver prior to version 3.0.1 allows remote authenticated users with permissions to create PersistentVolumes to inject arbitrary mount options through comma-separated values. This injection occurs via two unsanitized fields: the Access Point ID in volumeHandle and the mounttargetip volumeAttribute. The mount utility interprets the injected values as separate options, which are then applied to the filesystem mount without proper authorization.
Impact
Exploitation of this vulnerability allows for unauthorized injection of mount options, which could be used to manipulate how the filesystem is mounted, potentially leading to unauthorized access or modification of data.
Remediation
Users should upgrade to AWS EFS CSI Driver version 3.0.1 or later. For those using a forked or derivative version of the driver, ensure that it is patched to include the latest fixes.
Added: Apr 17, 2026, 7:41 PM
Updated: Apr 17, 2026, 7:41 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
0.6exploitability
4.9remediation
7.9relevance
6.1threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.