CVE-2026-3864 in Kubernetesinfo

Zusammenfassung

von MITRE • 21.03.2026

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequences (../). During volume deletion or cleanup operations, the driver could operate on unintended directories outside the intended managed path within the NFS export. This may lead to deletion or modification of directories on the NFS server.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

21.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351714

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

6.5 (CNA)

EPSS

0.00113

KEV

nein

Aktivitäten

very low

Sektor

Police, Education, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3864
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3864
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3864/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!