fission Summary
Latest vulnerabilities published by fission
Filter: published anytime. Sort: published date, descending.
CVE ID          Vendor   Product  Score  Severity  Title
CVE-2026-50570  Fission  Fission  8.5    HIGH      Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption
CVE-2026-50569  Fission  Fission  4.3    MEDIUM    Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks
CVE-2026-50568  Fission  Fission  3.6    LOW       Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape
CVE-2026-50567  Fission  Fission  7.7    HIGH      Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destination directory
CVE-2026-50566  Fission  Fission  9.9    CRITICAL  Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
CVE-2026-50565  Fission  Fission  4.9    MEDIUM    Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container
CVE-2026-50564  Fission  Fission  9.9    CRITICAL  Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
CVE-2026-50563  Fission  Fission  9.9    CRITICAL  Fission Container Executor Function PodSpec Injection Leading to Node Escape
CVE-2026-50545  Fission  Fission  9.9    CRITICAL  Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
CVE-2026-49824  Fission  Fission  8.5    HIGH      Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook
CVE-2026-49823  Fission  Fission  7.7    HIGH      Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
CVE-2026-49822  Fission  Fission  7.7    HIGH      Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
CVE-2026-49821  Fission  Fission  7.7    HIGH      Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
CVE-2026-46618  Fission  Fission  6.9    MEDIUM    Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
CVE-2026-46617  Fission  Fission  8.7    HIGH      Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
CVE-2026-46612  Fission  Fission  8.8    HIGH      Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
CVE-2026-46614  Fission  Fission  9.8    CRITICAL  Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger