Fission CVE-2026-50563

EUVD-2026-36099 CRITICAL
Improper Privilege Management (CWE-269)
2026-06-10 GitHub_M
9.9 (CVSS 3.1 · NVD)

Severity by source

Vendor (GitHub_M), PRIMARY: CRITICAL (qualitative)
NVD: 9.9 CRITICAL (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Primary rating from Vendor (GitHub_M).

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 10, 2026 - 20:01 (EUVD)
Source Code Evidence Fetched: Jun 10, 2026 - 18:43 (vuln.today)
Analysis Generated: Jun 10, 2026 - 18:43 (vuln.today)
CVE Published: Jun 10, 2026 - 17:27 (nvd), CRITICAL 9.9

Description (NVD)

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. This issue has been patched in version 1.24.0.

Analysis (AI)

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with Function CRUD permissions to supply an arbitrary Function.spec.podspec that the Container Executor merges into the executor-built podspec, resulting in a Deployment whose pods can break the container sandbox and reach node or cluster level. No public exploit identified at time of analysis, but the upstream fix (PR #3391) explicitly enumerates host namespaces, privileged contexts, hostPath mounts, service account overrides, and dangerous Linux capabilities as the abused fields. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Recon: Obtain Function CRUD RBAC in target namespace
Delivery: Craft Function with malicious spec.podspec (hostPath/privileged/SYS_ADMIN)
Exploit: Submit Function CR to Kubernetes API
Install: Container Executor merges podspec and creates Deployment
C2: Executor-privileged pod starts on node with sandbox-breaking settings
Execute: Escape to host or steal kubelet credentials
Impact: Pivot to other tenants or cluster-admin

Vulnerability Assessment (AI)

Exploitation: The attacker must hold create/update permission on Fission Function custom resources (Function CRUD RBAC, consistent with CVSS PR:L) in a cluster running Fission prior to 1.24.0 using the Container Executor path; the abuse is performed by supplying a malicious Function.spec.podspec containing at least one of: hostNetwork/hostPID/hostIPC=true, a hostPath volume, a serviceAccountName (or deprecated serviceAccount) override, securityContext.privileged=true, allowPrivilegeEscalation=true, or capabilities.add containing SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, or DAC_OVERRIDE. …

Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H justifies the 9.9 score: network reachable via the Kubernetes API, low attack complexity, only low privileges required (Function CRUD), no user interaction, and a Scope change indicating impact beyond the vulnerable component (the Fission tenant boundary) into node/cluster resources. …

Exploit Scenario: A tenant with Function CRUD permission in a shared Fission cluster creates or updates a Function whose spec.podspec sets hostPID:true, a hostPath volume mounting the node root filesystem, or a container securityContext with privileged:true or capabilities.add:[SYS_ADMIN]; the Container Executor merges this into its own podspec and creates a Deployment using the executor service account. The resulting pod runs the tenant's image with node-level access, allowing the attacker to read kubelet credentials, escape to the host, and pivot to other tenants' workloads. …

Remediation: Vendor-released patch: upgrade Fission to version 1.24.0 or later (https://github.com/fission/fission/releases/tag/v1.24.0), which introduces the ValidatePodSpecSafety function (pkg/apis/core/v1/podspec_safety.go) and registers an UPDATE-aware validating admission webhook to reject tenant-supplied PodSpec fields that cross the sandbox boundary. …
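
An added example, not Fission's own code and not the ValidatePodSpecSafety implementation: a Python audit over Function objects exported as JSON that flags the spec.podspec fields listed in the assessment above, useful for finding existing Functions that predate the upgrade. The input shape (metadata and spec.podspec, optional List wrapper), the function names and the initContainers check are assumptions.

```python
import json

# capabilities.add values the page lists as abused
DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE",
                  "DAC_READ_SEARCH", "DAC_OVERRIDE"}

def audit_podspec(podspec):
    """Return findings for one Function.spec.podspec (a dict)."""
    findings = [f"{f}=true" for f in ("hostNetwork", "hostPID", "hostIPC")
                if podspec.get(f) is True]
    findings += [f"hostPath volume '{v.get('name')}'"
                 for v in podspec.get("volumes") or [] if "hostPath" in v]
    findings += [f"{f} override" for f in ("serviceAccountName", "serviceAccount")
                 if podspec.get(f)]
    # initContainers are checked too: an assumption, the page only says "container"
    for kind in ("containers", "initContainers"):
        for c in podspec.get(kind) or []:
            sc = c.get("securityContext") or {}
            for flag in ("privileged", "allowPrivilegeEscalation"):
                if sc.get(flag) is True:
                    findings.append(f"{c.get('name')}: {flag}=true")
            added = (sc.get("capabilities") or {}).get("add") or []
            bad = sorted({str(x).upper() for x in added} & DANGEROUS_CAPS)
            if bad:
                findings.append(f"{c.get('name')}: capabilities.add {','.join(bad)}")
    return findings

def audit_functions(doc):
    """Map 'namespace/name' -> findings for a Function or a List of them."""
    report = {}
    for fn in doc.get("items", [doc]):
        meta = fn.get("metadata") or {}
        found = audit_podspec((fn.get("spec") or {}).get("podspec") or {})
        if found:
            report[f"{meta.get('namespace')}/{meta.get('name')}"] = found
    return report

# Constructed sample (not from the page): one clean Function, one flagged
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"metadata": {"namespace": "team-a", "name": "resize"},
  "spec": {"podspec": {"containers": [{"name": "fn", "image": "example/resize:1"}]}}},
 {"metadata": {"namespace": "team-b", "name": "report"},
  "spec": {"podspec": {"hostPID": true, "serviceAccountName": "other-sa",
    "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
    "containers": [{"name": "fn", "securityContext": {"privileged": true,
      "capabilities": {"add": ["SYS_ADMIN", "CHOWN"]}}}]}}}]}
""")

if __name__ == "__main__":
    for name, found in audit_functions(SAMPLE).items():
        print(name, "->", "; ".join(found))
```

An empty report only means none of the fields listed on this page are set; it does not replace the upgrade to 1.24.0.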

Recommended Action (AI)

24 hours: Inventory Fission deployments and versions, restrict RBAC permissions for Function CRUD operations to only essential administrators, and enforce Kubernetes Pod Security Admission policies to block privileged pod specifications. …
