CVE Catalog

CVE-2026-50563

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile — higher than 11% of all known CVEs

Summary

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications. In versions prior to 1.24.0, the Container Executor path allowed users to supply pod specifications directly, which could lead to unauthorized access to resources.

Risk Assessment

Organizations may be exposed to unauthorized resource usage and potential attacks if they do not upgrade Fission to version 1.24.0.

Recommendation

It is recommended to upgrade Fission to version 1.24.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. This issue has been patched in version 1.24.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS