What is the CVSS score of EUVD-2026-36100?

EUVD-2026-36100 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Fission are affected by EUVD-2026-36100?

A critical privilege escalation in Fission allows users with tenant privileges to circumvent container security boundaries and gain cluster-level access, creating risk of unauthorized application…. A patch is available.

How to fix or mitigate EUVD-2026-36100?

Within 24 hours: Identify all Fission deployments and document current versions and tenant access controls. Within 7 days: Plan and test upgrade to Fission 1.24.0 in non-production environment; review and restrict tenant CRD write access if needed. Within 30 days: Complete production upgrade to Fission 1.24.0 or later and verify all deployments are running patched version.

Fission EUVD-2026-36100

| CVE-2026-50564 CRITICAL

Improper Privilege Management (CWE-269)

2026-06-10 GitHub_M

Privilege Escalation Kubernetes

9.9

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.9 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

Jun 10, 2026 - 20:01 EUVD

Source Code Evidence Fetched

Jun 10, 2026 - 18:45 vuln.today

Analysis Generated

Jun 10, 2026 - 18:45 vuln.today

CVE Published

Jun 10, 2026 - 17:27 nvd

CRITICAL 9.9

DescriptionNVD

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podspec with no filtering, and Environment.Validate performed no security-relevant checks on these fields. This issue has been patched in version 1.24.0.

Articles & Coverage 2

News 12 New Kubernetes Vulnerabilities - 5 Critical, 7 High Severity Jun 11, 2026 News Critical Privilege Escalation in Fission (Kubernetes Serverless) - CVE-2026-50564 Jun 10, 2026

AnalysisAI

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with Environment CRD write access to escape the container sandbox and reach node- or cluster-level privileges by setting unfiltered fields in spec.runtime.podSpec or spec.builder.podSpec. Because the fission-executor and fission-builder service accounts schedule pods on the tenant's behalf, attacker-controlled values for hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName are merged into pod specs without validation. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain tenant RBAC on Environment CRD

Delivery

Craft Environment with hostPID/privileged/serviceAccountName in podSpec

Exploit

Submit via Kubernetes API to fission-executor

Execution

Executor merges podspec and schedules privileged pod

Persist

Pod runs with host namespaces and borrowed ServiceAccount

Impact

Pivot to node filesystem and cluster secrets

Access

Obtain tenant RBAC on Environment CRD

Delivery

Craft Environment with hostPID/privileged/serviceAccountName in podSpec

Exploit

Submit via Kubernetes API to fission-executor

Execution

Executor merges podspec and schedules privileged pod

Persist

Pod runs with host namespaces and borrowed ServiceAccount

Impact

Pivot to node filesystem and cluster secrets

Vulnerability AssessmentAI

Exploitation	Attacker must already hold Kubernetes RBAC create/update permission on the Fission Environment CRD (in any namespace where Fission's executor/builder will act), which corresponds to PR:L in the CVSS vector - a normal Fission function-developer role in a multi-tenant cluster. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Signals are largely aligned on high severity but with important caveats. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A tenant with permission to create or update Fission Environment objects in their namespace submits an Environment whose spec.runtime.podSpec sets hostPID: true, a privileged securityContext, and serviceAccountName pointing to a higher-privileged controller account. When the fission-executor schedules the runtime pod on the tenant's behalf, the merged podspec runs privileged on a node with full host PID visibility and the borrowed ServiceAccount token, letting the attacker pivot to other tenants' workloads, read node secrets, or escalate to cluster-admin. …
Remediation	Vendor-released patch: upgrade Fission to 1.24.0 or later (https://github.com/fission/fission/releases/tag/v1.24.0), which introduces ValidatePodSpecSafety in pkg/apis/core/v1/podspec_safety.go to reject hostNetwork, hostPID, hostIPC, serviceAccountName/DeprecatedServiceAccount overrides, hostPath volumes, container privileged, allowPrivilegeEscalation, and dangerous capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE) via the admission webhook on both CREATE and UPDATE; see PR https://github.com/fission/fission/pull/3391 and advisory https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Fission deployments and document current versions and tenant access controls. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-50563 CRITICAL Act Now

9.9 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with Fu

CVE-2026-50566 CRITICAL Act Now

9.9 Jun 10

Privilege escalation in Fission prior to version 1.24.0 allows a tenant holding environments.fission.io create/update RB

CVE-2026-50545 CRITICAL Act Now

9.9 Jun 10

Privilege escalation in Fission prior to 1.24.0 allows an authenticated user with permission to create or modify Environ

CVE-2026-49824 HIGH This Week

8.5 Jun 10

Cross-namespace access control bypass in Fission (Kubernetes-native serverless framework) prior to 1.24.0 allows an auth

CVE-2026-50570 HIGH This Week

8.5 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.25.0 allows a tenant with pe

EUVD-2026-36100 vulnerability details – vuln.today

Back

Fission EUVD-2026-36100

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Articles & Coverage 2

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code