How is CVE-2026-46614 exploited?

Network reachability (required): The attacker must be able to reach the Fission router service over the network on port 8888; any caller with TCP access to that listener can exploit this vulnerability. Authentication (not-required): No credentials or account of any kind are required; the internal /fission-function route accepts unauthenticated requests. Victim interaction (not-required): The attacker sends HTTP requests directly to the router with no need for any user to take an action. Attack complexity (info): Exploitation is reliable and condition-free; the attacker only needs to know or enumerate a function's metadata name and namespace, both of which are predictable in typical Fission deployments.

What is the impact of CVE-2026-46614?

Reads the output of any deployed function, including responses that contain secrets, tokens, or user data returned by that function's logic. Invokes write-path functions to modify persisted records, trigger downstream API calls, or alter application state without authorization. Triggers compute-intensive or destructive functions repeatedly, exhausting CPU, memory, or downstream service quotas and causing service disruption. Completely bypasses all HTTPTrigger access controls, rendering every host, path, method, and allow-list restriction ineffective across the entire Fission deployment.

Back to search

CRITICALCVE-2026-46614Published 2026-06-10Modified 2026-06-11CNA GitHub_M

CVE-2026-46614: Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/<name> and /fission-function/<ns>/<name> — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers (svc/router, port 8888), so any caller who could reach the router could invoke any function by guessing its metadata.name (and namespace), bypassing the host / path / method / method-allow-list restrictions encoded in HTTPTrigger objects. This issue has been patched in version 1.23.0.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An authentication bypass vulnerability in the Fission Kubernetes-native serverless router (versions before 1.23.0) allows any network-reachable caller to invoke arbitrary functions by requesting /fission-function/<namespace>/<name> directly, without requiring a corresponding HTTPTrigger to exist. The route is registered on the same public listener (port 8888) as user-defined triggers, so attackers can bypass all host, path, method, and allow-list restrictions simply by knowing or guessing a function's name and namespace. Successful exploitation gives an attacker full invocation control over every deployed function, enabling data disclosure, data tampering, and arbitrary code execution depending on function behavior. No fix version has been published yet; HarborGuard tracks the upstream advisory and will make a patched-image rebuild available as soon as a fix is released.

HarborGuard Coverage

Detection

Detection of CVE-2026-46614 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built Fission router images. Any image carrying a Fission router component below the eventual fix version will be flagged automatically.

Available

Triage

HarborGuard surfaces this CVE with its CVSS v3.1 score of 9.8 (CRITICAL) and applies per-environment compliance policy weighting to determine urgency and routing. Triage tickets are dispatched to the team or inbox configured in each customer org for serverless infrastructure findings.

Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the Fission advisory each ingest cycle and will make a patched-image rebuild available the moment version 1.23.0 or a later fix is released upstream. For customers who opt into auto-remediation, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must be able to reach the Fission router service over the network on port 8888; any caller with TCP access to that listener can exploit this vulnerability.
AuthenticationNot required
No credentials or account of any kind are required; the internal /fission-function route accepts unauthenticated requests.
Victim interactionNot required
The attacker sends HTTP requests directly to the router with no need for any user to take an action.
Attack complexityDetail
Exploitation is reliable and condition-free; the attacker only needs to know or enumerate a function's metadata name and namespace, both of which are predictable in typical Fission deployments.

Blast Radius

Reads the output of any deployed function, including responses that contain secrets, tokens, or user data returned by that function's logic.
Invokes write-path functions to modify persisted records, trigger downstream API calls, or alter application state without authorization.
Triggers compute-intensive or destructive functions repeatedly, exhausting CPU, memory, or downstream service quotas and causing service disruption.
Completely bypasses all HTTPTrigger access controls, rendering every host, path, method, and allow-list restriction ineffective across the entire Fission deployment.

How HarborGuard Handles This

Available on HarborGuard: because no upstream patch exists at this time, HarborGuard continuously re-evaluates the Fission advisory on every ingest cycle and will surface the patched-image rebuild capability the moment version 1.23.0 is published. In the interim, compensating controls worth applying in affected environments include network-policy isolation that restricts access to the router service (port 8888) to known, trusted sources only; egress filtering on the Kubernetes namespace running the router to limit lateral movement if a function is abused; and auditing deployed Function objects to identify and disable any function whose invocation would have high impact if called without authorization. For customers who opt into auto-remediation, the moment an upstream fix version is confirmed, HarborGuard will trigger a patched rebuild, run regression tests, and open a PR against affected workloads automatically.

See how HarborGuard automates this

Affected packages

fission / fission
< 1.23.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Metrics

Get notified