Lucene search
K

4 matches found

NVD
NVD
added 2026/06/10 6:17 p.m.28 views

CVE-2026-50563

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

9.9CVSS0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:28 p.m.8 views

CVE-2026-50565 Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...

4.9CVSS5.4AI score0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:27 p.m.21 views

CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS5.4AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 5:25 p.m.22 views

CVE-2026-49824

Fission (Kubernetes-native serverless framework) prior to v1.24.0 allowed a cross-namespace environment reference via the Function admission webhook because spec.environment.namespace was not validated, unlike spec.secrets[].namespace and spec.configmaps[].namespace. The issue affects the Functio...

8.5CVSS5.4AI score0.00223EPSS
Exploits0References3
Rows per page
Query Builder