Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
Summary
Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command(...) after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace observed by the buildermgr could thereby point the builder pod at any executable inside the builder image (e.g. /bin/sh -c '...') and execute arbitrary code in the builder pod context.
Affected component
pkg/builder/builder.go:254- call site (exec.Command(buildCmd, buildArgs...)).pkg/builder/builder.go:106- input source:buildCmd, buildArgs = strings.Fields(req.BuildCommand)[0], strings.Fields(req.BuildCommand)[1:].
Impact
A subject with create / update privilege on Environment objects could:
- Cause the builder pod for any package using that environment to execute arbitrary code.
- Read whatever files the builder pod has access to inside its
/packagesshared volume (deployment archive payloads for that package). - Write arbitrary content into the
/packagesshared volume, which the fetcher subsequently uploads as the package deployment archive.
The builder pod runs in the user's namespace with the fission-builder SA (not the more-privileged executor SA), so the impact is bounded to that namespace's package contents and the builder pod's own filesystem. PR:H reflects that creating / modifying Environment CRDs is typically restricted to cluster admins or platform operators.
Root cause
pkg/builder/builder.go's build-command parser did not validate the resulting executable path. Although exec.Command does not invoke a shell, it does locate the executable via $PATH, and strings.Fields splitting allowed multiple flags / sub-arguments to be passed.
Fix
Released in v1.23.0:
- PR #3364 (commit
0f45c911) introducesBuilder.resolveBuildCommandinpkg/builder/builder.go, which:
- Accepts an empty string (treated as the default
/build). - Accepts the literal
/build. - Accepts any absolute path that survives
filepath.Cleanand contains no..segments. - Rejects anything containing whitespace metacharacters or relative paths.
exec.Commandstill receives only the validated absolute path; sub-arguments continue to come fromstrings.Fieldsof the original string but are now passed positionally with no shell expansion.
Mitigation (until upgrade)
- Restrict who can create / update
EnvironmentCRDs to trusted operators only. - Audit
Environment.spec.builder.commandvalues for any non-/buildpaths. - Run the buildermgr with a tightened ServiceAccount that has no secret access in the builder namespace.
AnalysisAI
Arbitrary command execution in Fission's builder component (pkg:go/github.com/fission/fission <= 1.22.0) allows any principal with create or update privileges on Environment CRDs to redirect the builder pod to execute any binary reachable via $PATH inside the builder image. The vulnerable call site at pkg/builder/builder.go:254 passes the unsanitized Environment.spec.builder.command value directly to exec.Command after a strings.Fields split, enabling attackers to specify paths such as /bin/sh -c '...' as the build command. No public exploit has been identified at time of analysis, but the patch is confirmed released in v1.23.0 and the exploit primitive requires only a single Kubernetes API write to trigger.
Technical ContextAI
Fission is an open-source serverless framework for Kubernetes. Its buildermgr component watches Environment CRDs and drives builder pods that compile function packages. The affected code at pkg/builder/builder.go:106 performs strings.Fields(req.BuildCommand) to split the user-supplied build command into an executable and its arguments, then passes the result directly to exec.Command at line 254. Although exec.Command does not invoke a system shell, it resolves the executable via the process $PATH, meaning any absolute or PATH-relative binary in the builder image is reachable. CWE-78 (Improper Neutralization of Special Elements used in an OS Command, i.e., OS Command Injection) applies: the root cause is the absence of allowlist validation on the executable path before it reaches an OS execution sink. The affected package is identified as pkg:go/github.com_fission_fission. The fix (PR #3364, commit 0f45c911) introduces Builder.resolveBuildCommand, which allowlists only empty string (defaulting to /build), the literal /build, and absolute paths that survive filepath.Clean without .. segments, and rejects any value containing whitespace metacharacters.
RemediationAI
Upgrade Fission to v1.23.0, which is the vendor-released patch (https://github.com/fission/fission/releases/tag/v1.23.0). The fix in PR #3364 (https://github.com/fission/fission/pull/3364) introduces input validation via Builder.resolveBuildCommand that restricts the build command to /build or explicitly approved absolute paths with no path traversal or whitespace metacharacters. Until upgrade is possible, apply the following compensating controls: (1) Restrict RBAC so that only trusted cluster administrators hold create and update verbs on Environment CRDs - this is the single most effective mitigation and directly eliminates the attack surface for unprivileged namespace users. (2) Audit all existing Environment.spec.builder.command values and alert on any value that is not empty or the literal /build, as any other value is anomalous prior to v1.23.0. (3) Tighten the fission-builder ServiceAccount to remove any secret access in the builder namespace, limiting the blast radius should exploitation occur. Note that mitigations (2) and (3) reduce impact but do not close the vulnerability; only upgrading to v1.23.0 eliminates the root cause.
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36093
GHSA-7pjr-qpvh-m339