Lucene search
K

117 matches found

EUVD
EUVD
added yesterday13 views

EUVD-2026-36102

Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References5
EUVD
EUVD
added yesterday12 views

EUVD-2026-36101

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
added yesterday10 views

EUVD-2026-36100

Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
added yesterday12 views

EUVD-2026-36099

Fission Container Executor Function PodSpec Injection Leading to Node Escape...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References5
EUVD
EUVD
added yesterday10 views

EUVD-2026-36098

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover...

9.9CVSS5.8AI score0.003EPSS
Exploits0References7
EUVD
EUVD
added yesterday9 views

EUVD-2026-36097

Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-36096

Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References5
EUVD
EUVD
added yesterday10 views

EUVD-2026-36095

Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance...

7.7CVSS5.8AI score0.00231EPSS
Exploits0References5
EUVD
EUVD
added yesterday8 views

EUVD-2026-36094

Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration...

7.7CVSS5.9AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 6:17 p.m.15 views

CVE-2026-50570

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...

8.5CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.10 views

CVE-2026-50567

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

7.7CVSS0.00301EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.10 views

CVE-2026-50568

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 6:17 p.m.13 views

CVE-2026-50566

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...

9.9CVSS0.0029EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.12 views

CVE-2026-50569

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...

4.3CVSS0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.13 views

CVE-2026-50565

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...

4.9CVSS0.00255EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.12 views

CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.10 views

CVE-2026-50545

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9CVSS0.003EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 6:17 p.m.21 views

CVE-2026-50563

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

9.9CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.11 views

CVE-2026-49824

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace...

8.5CVSS0.00223EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.14 views

CVE-2026-49821

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched...

7.7CVSS0.00231EPSS
Exploits0References3
Rows per page
Query Builder