How is CVE-2026-49821 exploited?

Network reachability (required): The attacker must reach the Kubernetes API server over the network to submit the malicious Package CRD. Authentication (required): Any low-privilege Kubernetes account with permission to create or modify Package resources is sufficient; no administrative role is needed. Victim interaction (not-required): No user action is required; the buildermgr controller processes the malicious Package automatically on creation. Attack complexity (info): Exploitation is reliable and condition-free; the attacker only needs to supply a Package manifest referencing a foreign Environment namespace.

What is the impact of CVE-2026-49821?

Reads Kubernetes service-account tokens associated with the target namespace, enabling further lateral movement within the cluster. Reads build-time output and any secrets injected into the builder environment belonging to the cross-namespace Environment. Bypasses namespace-level isolation boundaries, exposing resources in namespaces the attacker has no direct permission to access.

Back to search

HIGHCVE-2026-49821Published 2026-06-10Modified 2026-06-10CNA GitHub_M

CVE-2026-49821: Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. This issue has been patched in version 1.24.0.

CVSS v3.1: 7.7
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

A missing namespace-validation check in Fission's buildermgr controller allows an authenticated user to craft a Package custom resource that references an Environment from a foreign namespace. The attack travels over the network and requires a low-privilege Kubernetes account, with no victim interaction needed. Successful exploitation gives the attacker read access to sensitive data, including build-time command execution output and Kubernetes service-account tokens belonging to the targeted namespace. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection of CVE-2026-49821 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built Fission controller images, as they move through registries and CI pipelines.

Available

Triage

HarborGuard scores this issue at CVSS 7.7 HIGH and weights it against each environment's compliance policy to surface it at the correct priority. Routing to the appropriate team inbox within each customer org is available out of the box.

Available

Patch

Because no upstream fix version has been published yet, HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix appears upstream. Until then, the affected image version remains flagged as unresolved in each customer's scan results.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must reach the Kubernetes API server over the network to submit the malicious Package CRD.
AuthenticationRequired
Any low-privilege Kubernetes account with permission to create or modify Package resources is sufficient; no administrative role is needed.
Victim interactionNot required
No user action is required; the buildermgr controller processes the malicious Package automatically on creation.
Attack complexityDetail
Exploitation is reliable and condition-free; the attacker only needs to supply a Package manifest referencing a foreign Environment namespace.

Blast Radius

Reads Kubernetes service-account tokens associated with the target namespace, enabling further lateral movement within the cluster.
Reads build-time output and any secrets injected into the builder environment belonging to the cross-namespace Environment.
Bypasses namespace-level isolation boundaries, exposing resources in namespaces the attacker has no direct permission to access.

How HarborGuard Handles This

Available on HarborGuard: all images containing the Fission buildermgr component are scanned and flagged against CVE-2026-49821 on each pipeline run. Because no upstream fix exists yet, the advisory is re-checked on every ingest cycle. The moment a fix is published, a patched-image rebuild becomes available automatically; for customers who opt into auto-remediation, that triggers a rebuild, a regression-test run, and a PR opened against affected workloads. In the interim, compensating controls worth considering include Kubernetes NetworkPolicy rules that restrict which service accounts can create Package resources, namespace-scoped RBAC tightening to limit cross-namespace resource references, and egress filtering on builder pods to reduce the value of any exfiltrated tokens. HarborGuard will surface any upstream advisory update as soon as it is ingested.

See how HarborGuard automates this

Affected packages

fission / fission
< 1.24.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

Metrics

Get notified