Description
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
Scores
CVSS v3: 6.5
EPSS: 0.0001
EPSS Percentile: 2.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-279, CWE-732
Status: published
Products (21)
linux-nfs/nfs-utils
Red Hat/Red Hat Ceph Storage 8 (sha256:1160569002c25d3d349bbe41b57eeffade438853d3419edca01813227440f414)
Red Hat/Red Hat Ceph Storage 8 (sha256:a0f0f9770911d6a0fc522f304942765059643193e95c9f6e505462f98a979db1)
Red Hat/Red Hat Enterprise Linux 10 (1:2.8.3-0.el10_1.3)
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8 (1:2.3.3-68.el8_10)
Red Hat/Red Hat Enterprise Linux 9 (1:2.5.4-38.el9_7.3)
Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support (1:2.5.4-26.el9_4.3)
Red Hat/Red Hat Enterprise Linux 9.6 Extended Update Support (1:2.5.4-34.el9_6.3)
... and 11 more
Published: Mar 04, 2026
Tracked Since: Mar 04, 2026