Kubernetes Vulnerability Allows Remote File Manipulation

CERT-Bund has released a security advisory (WID-SEC-2026-0738) detailing a critical vulnerability in Kubernetes, specifically affecting the Open Source Kubernetes CSI Driver for NFS versions earlier than 4.13.1. The vulnerability, rated with a CVSS Base Score of 6.5, allows a remote, authenticated attacker to manipulate files on affected systems. This advisory applies to Linux and UNIX operating systems where Kubernetes is deployed.

Organizations utilizing the affected Kubernetes CSI Driver for NFS must update to a patched version (4.13.1 or later) to mitigate this risk. Failure to address this vulnerability could lead to unauthorized file manipulation, potentially compromising data integrity and system security. While no specific compliance deadline is mentioned, prompt patching is strongly recommended to prevent exploitation.