CVE-2026-50566
Published 2026-06-10
Priority P2 64 | critical | 9.9 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.29% (20.6th percentile)
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor's high-privilege service account — enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise. This issue has been patched in version 1.24.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fission | fission | < 1.24.0 | 1.24.0 |
| github.com | fission_fission | >= 0 < 1.24.0 | 1.24.0 |
GHSA
Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
ghsa·2026-06-30
CVE-2026-50566 [CRITICAL] CWE-250
### Summary
A follow-up bypass of the round-4 PodSpec hardening (GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92). Those advisories validate and sanitize the `PodSpec` (`spec.runtime.podSpec` / `spec.builder.podSpec` / `function.spec.podSpec`), but the Environment CRD also exposes `spec.runtime.container` and `spec.builder.container` — a standalone `Container` merged into the runtime/builder pod whose `SecurityContext` bypassed both layers.
### Details
**Admission-layer gap.** `Environment.Validate()` calls `ValidatePodSpecSafety()` on `Runtime.PodSpec` and `Builder.PodSpec` only. That function takes a `*PodSpec`, so it never inspects the standalone `Runtime.
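A defender-side audit for the gap described above, as an added example (not Fission's code and not the 1.24.0 patch): it scans Environment objects, for instance the JSON from `kubectl get environments.fission.io -A -o json`, and reports any `spec.runtime.container` or `spec.builder.container` whose `securityContext` explicitly requests `privileged`, `allowPrivilegeEscalation`, or added capabilities. The `SAFE_CAPS` allow-list, the function names and the sample objects are assumptions made for illustration.

```python
import json

# Assumption: capabilities considered acceptable to add; anything else is flagged.
SAFE_CAPS = {"NET_BIND_SERVICE"}
# The two standalone Container fields named in the advisory.
CONTAINER_PATHS = (("runtime", "container"), ("builder", "container"))


def audit_container(sc):
    """Return the reasons a container securityContext is risky (explicit requests only)."""
    sc = sc or {}
    reasons = []
    if sc.get("privileged") is True:
        reasons.append("privileged")
    if sc.get("allowPrivilegeEscalation") is True:
        reasons.append("allowPrivilegeEscalation")
    added = (sc.get("capabilities") or {}).get("add") or []
    # Normalise "CAP_SYS_ADMIN" and "sys_admin" to "SYS_ADMIN" before comparing.
    risky = sorted({c.upper().removeprefix("CAP_") for c in added} - SAFE_CAPS)
    if risky:
        reasons.append("capabilities.add=" + ",".join(risky))
    return reasons


def audit_environments(doc):
    """Return (namespace/name, field path, reasons) tuples for a kubectl JSON document."""
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    findings = []
    for env in items:
        meta, spec = env.get("metadata", {}), env.get("spec") or {}
        for section, field in CONTAINER_PATHS:
            container = (spec.get(section) or {}).get(field) or {}
            reasons = audit_container(container.get("securityContext"))
            if reasons:
                ident = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
                findings.append((ident, f"spec.{section}.{field}", reasons))
    return findings


# Constructed sample input (not from a real cluster).
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"metadata": {"name": "py", "namespace": "team-a"},
  "spec": {"runtime": {"image": "example/py-env",
    "container": {"securityContext": {"privileged": true,
      "capabilities": {"add": ["SYS_ADMIN", "NET_BIND_SERVICE"]}}}}}},
 {"metadata": {"name": "go", "namespace": "team-b"},
  "spec": {"runtime": {"image": "example/go-env"},
    "builder": {"container": {"securityContext": {"allowPrivilegeEscalation": false}}}}}
]}""")

if __name__ == "__main__":
    for ident, path, reasons in audit_environments(SAMPLE):
        print(f"{ident} {path}: {', '.join(reasons)}")
```

Any finding on a cluster running a version before 1.24.0 is worth reviewing together with who holds create/update RBAC on `environments.fission.io`.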
VulDB
Fission up to 1.23.x unnecessary privileges (GHSA-m63v-2g9w-2w6v)
vuldb·2026-06-10·CVSS 9.9
CVE-2026-50566 [CRITICAL]
A vulnerability labeled as critical has been found in Fission up to 1.23.x. This affects an unknown part. Executing a manipulation can lead to execution with unnecessary privileges.
This vulnerability is registered as CVE-2026-50566. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.