Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read_CVE-2026-46617

{
    "lastseen": "",
    "description": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps (it needs that to load function code, env vars, and config). The runtime pod's automounted token was reachable from inside the user's function container at /var/run/secrets/kubernetes.io/serviceaccount/token, so user-supplied function code inherited the same Kubernetes API privileges and could read any secret or configmap in the function's namespace \u2014 far beyond the Function.spec.secrets allowlist that the function specification suggests. This issue has been patched in version 1.23.0.",
    "published": "2026-06-10T17:20:10.375Z",
    "modified": "2026-06-10T18:20:14.471Z",
    "type": "cve",
    "title": "Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read",
    "source": "GitHub_M",
    "references": "https://github.com/fission/fission/security/advisories/GHSA-85g2-pmrx-r49q\nhttps://github.com/fission/fission/pull/3366\nhttps://github.com/fission/fission/releases/tag/v1.23.0",
    "id": "CVE-2026-46617",
    "bulletinFamily": "",
    "cwe": [
        "CWE-250",
        "CWE-269",
        "CWE-538"
    ],
    "cvelist": null,
    "sourceData": "fission fission < 1.23.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "fission",
    "version": "< 1.23.0",
    "vendor": "fission",
    "ai_description": "Fission runtime pods are vulnerable to namespace-wide secret and configmap read due to the automounted token, allowing user-supplied function code to inherit Kubernetes API privileges.",
    "ai_severity": "High",
    "ai_vendor": "Platform9",
    "ai_product": "Fission",
    "ai_version": "< 1.23.0",
    "ai_score": 8.7
}