fission
Latest CVEs
The 15 most recently published vulnerabilities affecting fission.
- CVE-2026-50570: Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption (score 8.5)
- CVE-2026-50569: Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks (score 4.3)
- CVE-2026-50568: Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape (score 3.6)
- CVE-2026-50567: Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destination directory (score 7.7)
- CVE-2026-50566: Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation (score 9.9)
- CVE-2026-50565: Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container (score 4.9)
- CVE-2026-50564: Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape (score 9.9)
- CVE-2026-50563: Fission Container Executor Function PodSpec Injection Leading to Node Escape (score 9.9)
- CVE-2026-50545: Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover (score 9.9)
- CVE-2026-49824: Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook (score 8.5)
- CVE-2026-49823: Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook (score 7.7)
- CVE-2026-49822: Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance (score 7.7)
- CVE-2026-49821: Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration (score 7.7)
- CVE-2026-46612: Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives (score 8.8)
- CVE-2026-46614: Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger (score 9.8)