Kubernetes NFS CSI Driver Vulnerability Lets Attackers Delete and Alter Directories – What You Need to Know

In a recent security alert, a flaw in the Kubernetes Container Storage Interface (CSI) driver for Network File System (NFS) has been identified that could let attackers delete or modify directories on storage servers without permission. The issue, catalogued as CVE‑2026‑3864, carries a medium‑severity score of 6.5 on the CVSS v3.1 scale. It was uncovered by a researcher at SentinelOne, Shaul Ben Hai, and it affects every released version of the NFS CSI driver.

How the Vulnerability Works

The Kubernetes CSI framework allows container orchestration platforms to plug in external storage systems. The NFS CSI driver is one of the most widely used plugins, enabling pods to mount NFS shares as persistent volumes. The flaw lies in the driver’s handling of file system paths during the mount process.

When a pod requests a volume, the driver constructs a path that points to a directory on the NFS server. Due to insufficient validation, an attacker can supply a specially crafted path that resolves to a parent directory outside the intended mount point. Once the driver mounts the volume, the attacker can then issue standard file system commands—such as rm or mv—to delete or move files and directories that belong to other users or system components.

Because the driver runs with elevated privileges on the node, the attacker’s actions are not limited by the pod’s security context. In effect, the vulnerability turns the CSI driver into a privilege‑escalation vector that bypasses Kubernetes’ namespace isolation.

Who Is Affected?

Every Kubernetes cluster that uses the NFS CSI driver is potentially vulnerable. This includes:

  • Public cloud deployments (AWS EKS, GCP GKE, Azure AKS) that rely on the community‑maintained NFS CSI plugin.
  • On‑premise clusters that have installed the driver from the official GitHub repository.
  • Custom builds that incorporate the driver without applying the latest security patches.

Even clusters running the latest released driver version are still at risk, because at the time of writing the fix has not yet been merged into the mainline codebase. Administrators should verify the driver version and check the project’s issue tracker for any updates.

Immediate Mitigation Steps

While a full patch is pending, cluster operators can take several practical measures to reduce exposure:

  • Restrict NFS Server Access: Limit the NFS server’s export list to only the nodes that truly need it. Use firewall rules or security groups to block traffic from untrusted sources.
  • Apply Node‑Level Hardening: Run the CSI driver in a dedicated, least‑privilege container or as a privileged pod only when necessary. Consider using securityContext.runAsUser and runAsGroup to enforce non‑root execution.
  • Enable Strict Path Validation: If you maintain a fork of the driver, patch the path‑resolution logic to reject any path that contains .. or absolute references outside the designated mount root.
  • Audit Mount Points: Use tools like kubelet --debug or kubectl describe pv to confirm that all persistent volumes point to the correct directories. Look for any anomalies that could indicate a misconfiguration.
  • Monitor File System Activity: Deploy an in‑node file integrity monitoring solution (e.g., OSSEC, Tripwire) to alert on unexpected deletions or modifications within the NFS export directories.

These steps are not a substitute for a patch but can significantly lower the risk until the official fix is released.

What the Fix Will Look Like

The maintainers of the NFS CSI driver have acknowledged the issue and are working on a remediation. The proposed fix will enforce strict validation of the mount path, ensuring that any request to create or modify a directory is confined to the intended volume namespace. Additionally, the patch will add a whitelist of allowed characters and reject any path that attempts to traverse upward in the directory tree.
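The validation described in the “Enable Strict Path Validation” mitigation above and in the proposed fix (a per‑segment allow‑list plus rejection of absolute paths and upward traversal) can be expressed as a single Go function. This is an added illustration written for this article, not code from the NFS CSI driver or its maintainers; the mount root, the allow‑list character set and the sample sub‑paths are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrOutsideRoot is returned for any sub-path that would escape the mount root.
var ErrOutsideRoot = errors.New("requested path escapes the mount root")

// allowedSegment is an assumed allow-list for one path component: letters,
// digits, dot, dash and underscore only (no separators, whitespace or NUL).
var allowedSegment = regexp.MustCompile(`^[A-Za-z0-9._-]+$`)

// ResolveUnderRoot joins a caller-supplied relative sub-path onto mountRoot and
// rejects anything absolute, containing "..", or using characters outside the
// allow-list. It returns the cleaned absolute path on success.
func ResolveUnderRoot(mountRoot, subPath string) (string, error) {
	if filepath.IsAbs(subPath) {
		return "", fmt.Errorf("%w: absolute path %q not allowed", ErrOutsideRoot, subPath)
	}
	cleanRoot := filepath.Clean(mountRoot)
	// Lexical check of every component before any joining happens.
	for _, seg := range strings.Split(filepath.ToSlash(subPath), "/") {
		if seg == "" || seg == "." {
			continue
		}
		if seg == ".." || !allowedSegment.MatchString(seg) {
			return "", fmt.Errorf("%w: bad path segment %q", ErrOutsideRoot, seg)
		}
	}
	// Defence in depth: confirm the cleaned result still lies under the root.
	joined := filepath.Join(cleanRoot, subPath)
	rel, err := filepath.Rel(cleanRoot, joined)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return joined, nil
}

func main() {
	root := "/var/lib/kubelet/nfs/export" // assumed mount root
	for _, p := range []string{"pvc-1/data", "../etc", "/etc/passwd", "a/../../b", "ok/./sub"} {
		got, err := ResolveUnderRoot(root, p)
		fmt.Printf("%-14q -> %q err=%v\n", p, got, err)
	}
}
```

A purely lexical check does not account for symlinks already present inside the export; after mounting, resolve the path with filepath.EvalSymlinks and re‑run the root check on the result.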

Once the fix is merged, the project will release a new version (currently slated for the next minor update). Administrators should monitor the GitHub repository and the Kubernetes release notes for the exact version number and upgrade instructions.

Long‑Term Recommendations

Beyond the immediate patch, cluster operators should adopt a broader strategy to harden storage access:

  • Prefer block‑based storage (e.g., CSI drivers for Ceph, Rook, or cloud block disks) over NFS when possible, as block storage typically offers finer‑grained access controls.
  • Implement RBAC policies that restrict which service accounts can create persistent volumes or claim them.
  • Use Pod Security Policies or the newer OPA Gatekeeper to enforce that pods cannot mount host
