CVE-2026-50563 Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

CVE-2026-50563

Fission before v1.24.0 allows a tenant to supply Function.spec.podspec, which is merged into the executor-built podspec and used to create a Deployment for the user’s container image. This directly explains the root cause of the listed vulnerability and aligns with the patched state in v1.24.0. T...