CVE-2026-50545

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. This issue has been patched in version 1.24.0.

Fix

Improper Privilege Management

Improper Access Control

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-284CWE-693

Related Identifiers

CVE-2026-50545

Affected Products

Fission

CVE-2026-50545

Weakness Enumeration

Related Identifiers

Affected Products

References · 5