Lucene search
K

6 matches found

CVE
CVE
added 2026/06/10 5:27 p.m.24 views

CVE-2026-50564

CVE-2026-50564 concerns Fission’s Environment CRD prior to version 1.24.0, where spec.runtime.podSpec and spec.builder.podSpec were merged into runtime/builder pod specs without filtering. This allowed propagation of hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from...

9.9CVSS5.5AI score0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 5:27 p.m.24 views

CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:27 p.m.18 views

CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:26 p.m.16 views

CVE-2026-50545 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9CVSS5.4AI score0.003EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 5:26 p.m.27 views

CVE-2026-50545 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9CVSS0.003EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 5:26 p.m.24 views

CVE-2026-50545

Fission (Kubernetes-native serverless) prior to version 1.24.0 allowed Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough without validation, and MergePodSpec could propagate dangerous fields into generated pods. This CVE—CVE-2026-50545—describes a PodSpec injection with potent...

9.9CVSS5.4AI score0.003EPSS
Exploits0References4
Rows per page
Query Builder