CVE-2026-49821— Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-49821
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. This issue has been patched in version 1.24.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
未有动机的代理或中间人(混淆代理)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fission 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Fission是Fission开源的一个基于Kubernetes的函数部署框架。 Fission 1.24.0之前版本存在安全漏洞,该漏洞源于buildermgr控制器处理Package CRD时未验证Package.spec.environment.namespace与Package.metadata.namespace是否匹配。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-49821
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 10462 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-49821
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-49821 (1)
Vendor Advisories for CVE-2026-49821 (1)
Vendor Pages for CVE-2026-49821 (1)
Same Patch Batch · fission · 2026-06-10 · 17 CVEs total
| CVE-2026-50563 | 9.9 CRITICAL | Fission Container Executor Function PodSpec Injection Leading to Node Escape |
| CVE-2026-50566 | 9.9 CRITICAL | Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows |
| CVE-2026-50545 | 9.9 CRITICAL | Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover |
| CVE-2026-50564 | 9.9 CRITICAL | Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, n |
| CVE-2026-46614 | 9.8 CRITICAL | Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invo |
| CVE-2026-46612 | 8.8 HIGH | Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function arc |
| CVE-2026-49824 | 8.5 HIGH | Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function |
| CVE-2026-50570 | 8.5 HIGH | Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows |
| CVE-2026-49823 | 7.7 HIGH | Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission web |
| CVE-2026-49822 | 7.7 HIGH | Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant |
| CVE-2026-50567 | 7.7 HIGH | Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destin |
| CVE-2026-50565 | 4.9 MEDIUM | Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-suppl |
| CVE-2026-50569 | 4.3 MEDIUM | Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypass |
| CVE-2026-50568 | 3.6 LOW | Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape |
| CVE-2026-46617 | Fission runtime pods automount the fission-fetcher service-account token into the user fun | |
| CVE-2026-46618 | Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, |
IV. Related Vulnerabilities
Same product: fission
- CVE-2026-50570
Fission: Incomplete capability denylist in Environment/Funct - CVE-2026-50569
Fission: HTTPTrigger admission omits RelativeURL / Prefix va - CVE-2026-50568
Fission: SanitizeFilePath lexical HasPrefix bypass permits s - CVE-2026-50567
Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetch - CVE-2026-50566
Fission: Environment Runtime.Container and Builder.Container
Same vendor: fission
- CVE-2026-50570
Fission: Incomplete capability denylist in Environment/Funct - CVE-2026-50569
Fission: HTTPTrigger admission omits RelativeURL / Prefix va - CVE-2026-50568
Fission: SanitizeFilePath lexical HasPrefix bypass permits s - CVE-2026-50567
Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetch - CVE-2026-50566
Fission: Environment Runtime.Container and Builder.Container
Same weakness: CWE-441
- CVE-2026-53931
NocoDB: Server-Side Request Forgery via Spreadsheet Import E - CVE-2026-44494
Axios: Full Man-in-the-Middle via Prototype Pollution Gadget - CVE-2026-48522
PyJWKClient: missing scheme allowlist enables SSRF + token f - CVE-2026-3160
Unintended Proxy or Intermediary ('Confused Deputy') in GitL - CVE-2026-45003
OpenClaw < 2026.4.22 - Connector Endpoint Host Override via
V. Comments for CVE-2026-49821
No comments yet