Skip to main content

Fission CVE-2026-46614

| EUVDEUVD-2026-36090 CRITICAL
Improper Access Control (CWE-284)
2026-05-21 https://github.com/fission/fission GHSA-3g33-6vg6-27m8
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 21, 2026 - 21:00 vuln.today
Analysis Generated
May 21, 2026 - 21:00 vuln.today

DescriptionNVD

Summary

The Fission router registers an internal-style route - /fission-function/<name> and /fission-function/<ns>/<name> - for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers (svc/router, port 8888), so any caller who could reach the router could invoke any function by guessing its metadata.name (and namespace), bypassing the host / path / method / method-allow-list restrictions encoded in HTTPTrigger objects.

Affected component

  • pkg/router/httpTriggers.go:280-284 - internalRoute registration via utils.UrlForFunction(fn.Name, fn.Namespace), bound to the function handler.

Impact

An external caller who reaches the public router could:

  1. Invoke functions that the operator intentionally did not publish through an HTTPTrigger (e.g. functions used only as Kubewatcher / Timer / MessageQueue trigger targets, internal helpers, or sample functions).
  2. Bypass HTTPTrigger-level restrictions: a function published only on POST /api/v2/foo could still be invoked as GET /fission-function/<ns>/<name> with arbitrary headers and body.
  3. Enumerate function names by probing the response semantics (404 vs 200 vs 502 from cold start).

In multi-tenant deployments this also crosses tenant boundaries when functions in tenant namespace B are reachable from tenant A's pods (or from anywhere on the internet if the router is ingress-exposed).

Root cause

/fission-function/... was historically used by internal trigger sources (timer, kubewatcher, mqtrigger) that share the cluster network with the router, but the route was registered on the public listener that also serves user HTTPTriggers. The two audiences were never separated.

Fix

Released in v1.23.0:

  • PR #3369 (commit 814d232c): the router now runs two listeners - a public listener (port 8888, svc/router) that serves only user-defined HTTPTriggers, /router-healthz, and /_version, and an internal listener (port 8889, svc/router-internal, ClusterIP-only) that exclusively serves /fission-function/<ns>/<name>. The internal listener is wrapped with the pkg/auth/hmac.ServiceVerifier using the ServiceRouterInternal derived key - internal trigger sources sign their requests with a per-service HKDF-derived key from a cluster master secret. Empty master secret falls back to pass-through (preserves compatibility for clusters not yet rotating in a secret).
  • PR #3365 (commit 0aa24788): added per-service NetworkPolicy resources to charts/fission-all, ensuring svc/router-internal is only reachable from kubewatcher, timer, mqtrigger, and mqt-keda pods inside the release namespace.
  • The internal-listener path itself is still /fission-function/<ns>/<name> - only its location moved.

Mitigation (until upgrade)

  1. Apply a NetworkPolicy to the Fission namespace that allows ingress to svc/router (port 8888) only from the consuming project's ingress controller, and blocks /fission-function/... at the ingress layer (path-based filter on the ingress).
  2. Avoid exposing the router directly via LoadBalancer/NodePort; front it with an ingress that path-filters /fission-function/.
  3. Treat function metadata.name as not a secret - names should not be the access control boundary.

AnalysisAI

Authentication bypass in Fission (Kubernetes serverless framework) versions 1.22.0 and earlier allows unauthenticated remote callers reaching the public router (svc/router, port 8888) to invoke any Function object by guessing its metadata.name and namespace via the /fission-function/<ns>/<name> route, completely bypassing HTTPTrigger host, path, method, and method-allow-list restrictions. The flaw also enables function-name enumeration and crosses tenant boundaries in multi-tenant deployments; no public exploit identified at time of analysis, though the fix commits and root-cause analysis are public on GitHub.

Technical ContextAI

Fission is an open-source serverless framework built on Kubernetes (Go module github.com/fission/fission) that exposes user functions through HTTPTrigger custom resources mediated by a router component. The root cause (CWE-284, Improper Access Control) is in pkg/router/httpTriggers.go lines 280-284, where utils.UrlForFunction(fn.Name, fn.Namespace) unconditionally registers an internal-style route - /fission-function/<name> and /fission-function/<ns>/<name> - on the same HTTP listener that serves user-defined HTTPTriggers. This route was historically intended for in-cluster trigger sources (Kubewatcher, Timer, MessageQueue triggers) that share the cluster network, but the two audiences (public user traffic and internal trigger traffic) were never network-separated, so any caller able to reach svc/router on port 8888 inherits the privileges previously assumed to belong only to internal cluster components.

RemediationAI

Vendor-released patch: upgrade Fission to v1.23.0 (https://github.com/fission/fission/releases/tag/v1.23.0), which lands PR #3369 splitting the router into a public listener on port 8888 (HTTPTriggers, /router-healthz, /_version only) and an internal listener on port 8889 (svc/router-internal, ClusterIP) that exclusively serves /fission-function/<ns>/<name> protected by pkg/auth/hmac.ServiceVerifier with an HKDF-derived per-service key, plus PR #3365 adding per-service NetworkPolicy resources in charts/fission-all that restrict svc/router-internal to kubewatcher, timer, mqtrigger, and mqt-keda pods in the release namespace. Until upgrade, apply a NetworkPolicy that limits ingress to svc/router (port 8888) to the consuming project's ingress controller and configure that ingress to path-filter (block) /fission-function/ - note that this breaks any out-of-band tooling that relied on hitting the internal route from outside the cluster - and avoid exposing the router via LoadBalancer/NodePort directly; also treat function metadata.name as non-secret since name-based obscurity was never an access boundary. The empty-master-secret fallback in v1.23.0 is pass-through to preserve compatibility, so operators should also rotate in a cluster master secret to actually enforce HMAC on the internal listener.

Share

CVE-2026-46614 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy