CVE-2026-50563
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications. In versions prior to 1.24.0, the Container Executor path allowed users to supply pod specifications directly, which could lead to unauthorized access to resources.
Risk Assessment
Organizations may be exposed to unauthorized resource usage and potential attacks if they do not upgrade Fission to version 1.24.0.
Recommendation
It is recommended to upgrade Fission to version 1.24.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. This issue has been patched in version 1.24.0.

