NFS Client on Red Hat Systems Can Be Tricked into Sending Credentials

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

NFS Client on Red Hat Systems Can Be Tricked into Sending Credentials

RHSA-2026:3941

Summary

An update is available for the NFS client on Red Hat systems. This update fixes a security issue that could allow an attacker to trick the client into sending sensitive information, such as usernames and passwords. To fix this issue, update your system to the latest version of nfs-utils.

What to do

Update redhat libnfsidmap to version 1:2.5.4-34.el9_6.3.
Update redhat libnfsidmap-debuginfo to version 1:2.5.4-34.el9_6.3.
Update redhat libnfsidmap-devel to version 1:2.5.4-34.el9_6.3.
Update redhat nfs-utils to version 1:2.5.4-34.el9_6.3.
Update redhat nfs-utils-coreos to version 1:2.5.4-34.el9_6.3.
Update redhat nfs-utils-coreos-debuginfo to version 1:2.5.4-34.el9_6.3.
Update redhat nfs-utils-debuginfo to version 1:2.5.4-34.el9_6.3.
Update redhat nfs-utils-debugsource to version 1:2.5.4-34.el9_6.3.
Update redhat nfsv4-client-utils to version 1:2.5.4-34.el9_6.3.
Update redhat nfsv4-client-utils-debuginfo to version 1:2.5.4-34.el9_6.3.

Affected software

Vendor	Product	Affected versions	Fix available
redhat	libnfsidmap	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap-devel	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-coreos	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-coreos-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-debugsource	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfsv4-client-utils	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfsv4-client-utils-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap-devel	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-coreos	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-coreos-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-debugsource	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfsv4-client-utils	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfsv4-client-utils-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	libnfsidmap-devel	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-coreos	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-coreos-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfs-utils-debugsource	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfsv4-client-utils	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3
redhat	nfsv4-client-utils-debuginfo	<= 1:2.5.4-34.el9_6.3	1:2.5.4-34.el9_6.3

Original title

Red Hat Security Advisory: nfs-utils security update

osv CVSS3.1 6.5

https://access.redhat.com/errata/RHSA-2026:3941 Vendor Advisory
https://access.redhat.com/security/updates/classification/#moderate Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2413081 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3941.j... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-12801 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-12801 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-12801 Vendor Advisory

Published: 6 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026