CVE Catalog

CVE-2026-50545

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

20th percentile — higher than 20% of all known CVEs

Summary

Fission is a serverless framework, native to Kubernetes, that simplifies the deployment of functions and applications. Prior to version 1.24.0, the lack of validation in Environment.spec.runtime.podSpec / spec.builder.podSpec led to the propagation of dangerous fields into generated pods.

Risk Assessment

The lack of validation could allow unauthorized or dangerous configurations to be introduced into pods, posing a security risk to applications running in Kubernetes.

Recommendation

It is recommended to upgrade to version 1.24.0 or later to eliminate this vulnerability and ensure proper validation of pod configurations.

Original NVD description (English source)

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. This issue has been patched in version 1.24.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS