Skip to main content

Fission CVE-2026-50566

| EUVD-2026-36102 CRITICAL
Execution with Unnecessary Privileges (CWE-250)
2026-06-10 GitHub_M
Privilege Escalation Kubernetes Fission
9.9
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (GitHub_M) · only source for this CVE.

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch available
Jun 10, 2026 - 20:01 EUVD
Source Code Evidence Fetched
Jun 10, 2026 - 18:46 vuln.today
Analysis Generated
Jun 10, 2026 - 18:46 vuln.today
CVE Published
Jun 10, 2026 - 17:29 nvd
CRITICAL 9.9

DescriptionCVE.org

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor's high-privilege service account - enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise. This issue has been patched in version 1.24.0.

Articles & Coverage 2

News 12 New Kubernetes Vulnerabilities - 5 Critical, 7 High Severity Jun 11, 2026 News Critical Privilege Escalation in Kubernetes Fission prior to 1.24.0 - CVE-2026-50566 Jun 10, 2026

AnalysisAI

Privilege escalation in Fission prior to version 1.24.0 allows a tenant holding environments.fission.io create/update RBAC to define Environment custom resources with privileged, allowPrivilegeEscalation, or dangerous Linux capabilities on the bare Runtime.Container or Builder.Container fields, which bypass the existing PodSpec safety validator and get scheduled under the executor's high-privilege service account. Successful abuse enables container-sandbox escape, host filesystem and network access, and node- or cluster-level compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain environments.fission.io create RBAC in tenant namespace
Delivery
Craft Environment CR with privileged runtime.container or SYS_ADMIN capability
Exploit
Submit CR, bypassing PodSpec safety validator
Execution
Executor schedules pod under high-privilege service account
Persist
Privileged container escapes sandbox to host
Impact
Steal kubelet credentials and pivot to cluster compromise
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) a Fission deployment older than 1.24.0, (2) an attacker-controlled Kubernetes principal with create or update verbs on the environments.fission.io resource (PR:L per CVSS), and (3) a multi-tenant posture where Environments created by that principal are scheduled by the Fission executor under its high-privilege service account into the function or builder namespace. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) reflects that a low-privilege but authenticated tenant with a single namespaced RBAC verb can pivot to a scope-change cluster compromise with high confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious tenant with environments.fission.io create rights submits an Environment manifest whose spec.runtime.container.securityContext sets privileged=true (or adds SYS_ADMIN) and points at an attacker-controlled image. When the executor schedules the resulting pod under its high-privilege service account, the attacker's container runs privileged on a node, mounts the host filesystem or kubelet credentials, and pivots to cluster-admin. …
Remediation Vendor-released patch: upgrade Fission to version 1.24.0 or later, which adds ValidateContainerSafety enforcement against Environment.spec.runtime.container and spec.builder.container (see https://github.com/fission/fission/releases/tag/v1.24.0 and PR https://github.com/fission/fission/pull/3406). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Fission deployments and document current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-50563 CRITICAL
9.9 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with Fu
CVE-2026-50545 CRITICAL
9.9 Jun 10

Privilege escalation in Fission prior to 1.24.0 allows an authenticated user with permission to create or modify Environ
CVE-2026-50564 CRITICAL
9.9 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with En
CVE-2026-49824 HIGH
8.5 Jun 10

Cross-namespace access control bypass in Fission (Kubernetes-native serverless framework) prior to 1.24.0 allows an auth
CVE-2026-50570 HIGH
8.5 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.25.0 allows a tenant with pe

Share

CVE-2026-50566 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy