CVE-2026-50545

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.9 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. This issue has been patched in version 1.24.0.

Vulnerability Details

Published Date

June 10, 2026

Last Modified

June 12, 2026

CWE ID

CWE-269

Source

NVD

Vendor

fission

Product

fission

External References

https://github.com/fission/fission/pull/3390
https://github.com/fission/fission/pull/3391
https://github.com/fission/fission/releases/tag/v1.24.0
https://github.com/fission/fission/security/advisories/GHSA-wmgg-3p4h-48x7

CVE-2026-50545

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment