wid-sec-w-2026-0615 · Published 2026-03-05 · View on BSI CERT-Bund ↗
Red Hat Enterprise Linux (nfs-utils): Vulnerability allows information disclosure
CVSS 6.5 (MEDIUM)
Risk Summary
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the file permissions set, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
CVEs (1)
Affected Vendors
Oracle
RESF
Red Hat
Affected Products (7)
Red Hat · Enterprise Linux 8
Red Hat · Enterprise Linux 9
Red Hat · Enterprise Linux 9.4
Red Hat · Enterprise Linux 9.6
Red Hat · Enterprise Linux 10
Red Hat · OpenShift Container Platform <4.16.59
Red Hat · OpenShift Container Platform 4.16.59