Vulnerabilities in fission
17 results

CVE-2026-46618 (MEDIUM, EPSS 0.4%): Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
CVE-2026-46614 (CRITICAL, EPSS 0.4%): Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
CVE-2026-46612 (HIGH, EPSS 0.3%): Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
CVE-2026-50567 (HIGH, EPSS 0.3%): Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destination directory
CVE-2026-50545 (CRITICAL, EPSS 0.3%): Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
CVE-2026-50566 (CRITICAL, EPSS 0.3%): Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
CVE-2026-46617 (HIGH, EPSS 0.3%): Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
CVE-2026-50564 (CRITICAL, EPSS 0.3%): Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
CVE-2026-50563 (CRITICAL, EPSS 0.3%): Fission Container Executor Function PodSpec Injection Leading to Node Escape
CVE-2026-50570 (HIGH, EPSS 0.3%): Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption
CVE-2026-49823 (HIGH, EPSS 0.3%): Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
CVE-2026-50565 (MEDIUM, EPSS 0.3%): Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container
CVE-2026-49822 (HIGH, EPSS 0.2%): Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
CVE-2026-49821 (HIGH, EPSS 0.2%): Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
CVE-2026-50569 (MEDIUM, EPSS 0.2%): Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks
CVE-2026-49824 (HIGH, EPSS 0.2%): Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook
CVE-2026-50568 (LOW, EPSS 0.1%): Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape