CVE-2026-49823— Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
Possible ATT&CK Techniques 1AI
T1098 · Account ManipulationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-49823
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. This issue has been patched in version 1.24.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-49823
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 7796 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-49823
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-49823 (1)
Vendor Advisories for CVE-2026-49823 (1)
Vendor Pages for CVE-2026-49823 (1)
Same Patch Batch · fission · 2026-06-10 · 17 CVEs total
| CVE-2026-50563 | 9.9 CRITICAL | Fission Container Executor Function PodSpec Injection Leading to Node Escape |
| CVE-2026-50566 | 9.9 CRITICAL | Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows |
| CVE-2026-50545 | 9.9 CRITICAL | Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover |
| CVE-2026-50564 | 9.9 CRITICAL | Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, n |
| CVE-2026-46614 | 9.8 CRITICAL | Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invo |
| CVE-2026-46612 | 8.8 HIGH | Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function arc |
| CVE-2026-49824 | 8.5 HIGH | Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function |
| CVE-2026-50570 | 8.5 HIGH | Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows |
| CVE-2026-49822 | 7.7 HIGH | Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant |
| CVE-2026-49821 | 7.7 HIGH | Fission: Cross-namespace Environment reference in Package allows build-time command execut |
| CVE-2026-50567 | 7.7 HIGH | Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destin |
| CVE-2026-50565 | 4.9 MEDIUM | Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-suppl |
| CVE-2026-50569 | 4.3 MEDIUM | Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypass |
| CVE-2026-50568 | 3.6 LOW | Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape |
| CVE-2026-46617 | Fission runtime pods automount the fission-fetcher service-account token into the user fun | |
| CVE-2026-46618 | Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, |
IV. Related Vulnerabilities
Same product: fission
- CVE-2026-50570
Fission: Incomplete capability denylist in Environment/Funct - CVE-2026-50569
Fission: HTTPTrigger admission omits RelativeURL / Prefix va - CVE-2026-50568
Fission: SanitizeFilePath lexical HasPrefix bypass permits s - CVE-2026-50567
Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetch - CVE-2026-50566
Fission: Environment Runtime.Container and Builder.Container
Same vendor: fission
- CVE-2026-50570
Fission: Incomplete capability denylist in Environment/Funct - CVE-2026-50569
Fission: HTTPTrigger admission omits RelativeURL / Prefix va - CVE-2026-50568
Fission: SanitizeFilePath lexical HasPrefix bypass permits s - CVE-2026-50567
Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetch - CVE-2026-50566
Fission: Environment Runtime.Container and Builder.Container
Same weakness: CWE-284
- CVE-2026-53520
Nezha Monitoring: Authenticated users can claim the dashboar - CVE-2026-44783
Discourse: Replying to a whisper lets non-whisperers create - CVE-2026-47182
Frappe: Broken Access Control on Private Files - CVE-2026-44976
Frappe: IDOR in update_onboarding_step - CVE-2026-44208
Frappe: IDOR in `submit_discussion()`
V. Comments for CVE-2026-49823
No comments yet