Fission Container Executor Function PodSpec Injection Leading to Node Escape

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. This issue has been patched in version 1.24.0.

AI Analysis

Fission Container Executor Function PodSpec Injection vulnerability leading to node escape

Basic Information

ID CVE-2026-50563

Source GitHub_M

Published Jun 10, 2026 at 17:27

Affected Product

Vendor fission

Product fission

Version < 1.24.0

Affected Versions fission fission < 1.24.0

CWE Classification

CWE-269 CWE-284

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Platform9

Product Fission

Version < 1.24.0

References

{
    "lastseen": "",
    "description": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. This issue has been patched in version 1.24.0.",
    "published": "2026-06-10T17:27:18.502Z",
    "modified": "2026-06-10T17:27:18.502Z",
    "type": "cve",
    "title": "Fission Container Executor Function PodSpec Injection Leading to Node Escape",
    "source": "GitHub_M",
    "references": "https://github.com/fission/fission/security/advisories/GHSA-v455-mv2v-5g92\nhttps://github.com/fission/fission/pull/3391\nhttps://github.com/fission/fission/releases/tag/v1.24.0",
    "id": "CVE-2026-50563",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "fission fission < 1.24.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "fission",
    "version": "< 1.24.0",
    "vendor": "fission",
    "ai_description": "Fission Container Executor Function PodSpec Injection vulnerability leading to node escape",
    "ai_severity": "Critical",
    "ai_vendor": "Platform9",
    "ai_product": "Fission",
    "ai_version": "< 1.24.0",
    "ai_score": 9.9
}

Fission Container Executor Function PodSpec Injection Leading to Node Escape_CVE-2026-50563