{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-46617/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-10T18:20:14.471Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-46617","@id":"https://www.cve.org/CVERecord?id=CVE-2026-46617","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps (it needs that to load function code, env vars, and config). The runtime pod's automounted token was reachable from inside the user's function container at /var/"},"products":[{"@id":"cpe:2.3:a:fission:fission:\\<_1.23.0:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:fission:fission:\\<_1.23.0:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; the description scopes the issue to versions prior to 1.23.0, so monitor the upstream advisory for a 1.23.0 or later release and upgrade once it is available.","timestamp":"2026-06-10T18:20:14.471Z"}]}