🟠 High | Source: Microsoft Security Response Center
An integer underflow vulnerability (CVE-2026-57918) has been identified in libnfs, a client-side NFS library, affecting versions up to and including 6.0.2. The flaw occurs when connecting to a maliciously crafted NFS server, where a mismatch between expected and actual PDU sizes can trigger memory corruption. This matters because libnfs is widely used in cloud and virtualisation environments, and exploitation could allow a rogue NFS server to compromise connecting clients.
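The bug class the advisory names, shown as an added illustration that is neither libnfs's code nor anything published by MSRC: a length-prefixed PDU parser in which the body length is derived by unsigned subtraction before the declared size is validated, next to a hardened version that checks every peer-controlled value first. The wire layout, the 8-byte header, the size ceiling and the sample PDUs are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative wire format (an assumption, not libnfs's real layout):
 *   bytes 0..3 : total PDU length, big-endian, header included
 *   bytes 4..7 : opaque transaction id
 *   bytes 8..  : body
 */
#define PDU_HDR_LEN 8u
#define PDU_MAX_LEN 65536u   /* assumed per-connection ceiling */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The flawed pattern: derive the body length with an unsigned subtraction
 * before checking that the declared length is at least the header size.
 * A declared length of 4 yields 4 - 8, which wraps to 0xFFFFFFFC; any
 * later copy or allocation sized from that value corrupts memory. */
uint32_t body_len_unchecked(uint32_t declared_len) {
    return declared_len - PDU_HDR_LEN;
}

/* Hardened parser: every comparison happens before any arithmetic whose
 * operands the peer controls. Returns 0 and sets *body/*body_len on success,
 * -1 when the PDU must be rejected and the connection dropped. */
int parse_pdu(const uint8_t *buf, size_t buf_len,
              const uint8_t **body, size_t *body_len) {
    if (buf == NULL || buf_len < PDU_HDR_LEN)
        return -1;                      /* not even a full header received */
    uint32_t declared = be32(buf);
    if (declared < PDU_HDR_LEN)
        return -1;                      /* subtraction below would underflow */
    if (declared > PDU_MAX_LEN)
        return -1;                      /* absurd size from the peer */
    if (declared > buf_len)
        return -1;                      /* declared larger than actually received */
    *body = buf + PDU_HDR_LEN;
    *body_len = declared - PDU_HDR_LEN; /* safe: declared >= PDU_HDR_LEN */
    return 0;
}

/* Constructed sample PDUs (not captured traffic). */
static const uint8_t good_pdu[]  = {
    0x00,0x00,0x00,0x0C, 0xDE,0xAD,0xBE,0xEF, 'N','F','S','!' }; /* len 12 */
static const uint8_t bad_pdu[]   = {
    0x00,0x00,0x00,0x04, 0xDE,0xAD,0xBE,0xEF, 'N','F','S','!' }; /* len 4 < header */
static const uint8_t short_pdu[] = {
    0x00,0x00,0x01,0x00, 0xDE,0xAD,0xBE,0xEF, 'N','F','S','!' }; /* len 256 > received */

/* Wrappers so each case can be checked by name. */
int accepts_good(void) {
    const uint8_t *b; size_t n;
    return parse_pdu(good_pdu, sizeof good_pdu, &b, &n) == 0 &&
           n == 4 && memcmp(b, "NFS!", 4) == 0;
}
int rejects_underflow(void) {
    const uint8_t *b; size_t n;
    return parse_pdu(bad_pdu, sizeof bad_pdu, &b, &n) == -1;
}
int rejects_truncated(void) {
    const uint8_t *b; size_t n;
    return parse_pdu(short_pdu, sizeof short_pdu, &b, &n) == -1;
}

int main(void) {
    printf("unchecked body length for declared=4: %u\n", body_len_unchecked(4));
    printf("good=%d underflow_rejected=%d truncated_rejected=%d\n",
           accepts_good(), rejects_underflow(), rejects_truncated());
    return 0;
}
```

The ordering is the whole point: the declared length is compared against the header size, the ceiling and the bytes actually received before it is ever used in arithmetic, so a server that declares a size smaller than the header or larger than what it sent is rejected rather than fed into a copy.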
Security Architect’s Take: Audit your Azure and on-premises workloads for any services or container images that depend on libnfs ≤6.0.2, and update to a patched build (post commit 935b8db). Additionally, restrict outbound NFS connectivity so workloads can only connect to trusted, known-good NFS endpoints — this limits exposure to the crafted-server attack vector.