Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 5:27 p.m.15 views

CVE-2026-50563 Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:27 p.m.32 views

CVE-2026-50563

Fission before v1.24.0 allows a tenant to supply Function.spec.podspec, which is merged into the executor-built podspec and used to create a Deployment for the user’s container image. This directly explains the root cause of the listed vulnerability and aligns with the patched state in v1.24.0. T...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 5:26 p.m.27 views

CVE-2026-50545 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9CVSS0.003EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities stem from the Container Executor’s path, which allows tenants to directly provide Function.spec.podspec. The executor merges thi...

9.9CVSS5.3AI score0.00274EPSS
Exploits0References1
Rows per page
Query Builder