CVE-2026-50545
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
Fission is a serverless framework, native to Kubernetes, that simplifies the deployment of functions and applications. Prior to version 1.24.0, the lack of validation in Environment.spec.runtime.podSpec / spec.builder.podSpec led to the propagation of dangerous fields into generated pods.
Risk Assessment
The lack of validation could allow unauthorized or dangerous configurations to be introduced into pods, posing a security risk to applications running in Kubernetes.
Recommendation
It is recommended to upgrade to version 1.24.0 or later to eliminate this vulnerability and ensure proper validation of pod configurations.
Original NVD description (English source)
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. This issue has been patched in version 1.24.0.

