What is CVE-2026-3864?

CVE-2026-3864 is a medium-severity vulnerability in Kubernetes Csi Driver For Nfs, classified under Path Traversal. CVSS score: 6.5/10. Published 2026-03-20.

How severe is CVE-2026-3864?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Path Traversal in Kubernetes Csi Driver For Nfs

CVE-2026-3864

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (29.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H.

Affected products

Kubernetes Csi Driver For Nfs — versions 0, 4.13.1

Weakness classification (CWE)

CWE-22 — Path Traversal

References

groups.google.com/g/kubernetes-security-announce/c/i4ZKN9VLcUE (mailing-list)
github.com/kubernetes/kubernetes/issues/137797 (issue-tracking)

Frequently asked questions

What is CVE-2026-3864?: CVE-2026-3864 is a medium-severity vulnerability in Kubernetes Csi Driver For Nfs, classified under Path Traversal. CVSS score: 6.5/10. Published 2026-03-20.
How severe is CVE-2026-3864?: Medium severity. CVSS v3 base score is 6.5 out of 10.