CVE-2026-49823: Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. This issue has been patched in version 1.24.0.
Metrics
- CVSS v3.1: 7.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is an authorization bypass vulnerability in Fission, the Kubernetes-native serverless framework. A low-privileged, authenticated user can craft a Function spec that references a Package in a namespace they do not have access to, bypassing the admission webhook's namespace validation. Successful exploitation lets the attacker read the contents of any Fission Package across all namespaces in the cluster, including potentially sensitive build artifacts and source code. No fix version has been published yet; HarborGuard tracks the upstream advisory and will make a patched-image rebuild available as soon as a fix is released.
HarborGuard Coverage
- Available: Detection for CVE-2026-49823 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built Fission images running versions below 1.24.0.
- Available: HarborGuard scores this CVE at CVSS 7.7 HIGH and applies per-environment compliance policy weighting to prioritize routing; findings are delivered to the inbox or ticketing integration configured for each customer org.
- Pending upstream: Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available at version 1.24.0 the moment the upstream release is confirmed. In the meantime, findings are held open and re-evaluated automatically so no manual re-scan is needed.
Exploit Conditions
- Network reachability: Required
  The Fission admission webhook is exposed over the network, so an attacker must be able to reach the Kubernetes API server (and by extension the webhook) across the network.
- Authentication: Required
  The attacker must hold a low-privilege Kubernetes account with enough RBAC permission to create or update Function resources; unauthenticated access is not sufficient.
- Victim interaction: Not required
  No human target needs to take any action; the attacker submits a crafted Function spec directly to the API server.
- Attack complexity
  Exploitation is reliable and condition-free: the attacker only needs to set PackageRef.Namespace to a target namespace in a Function spec, with no race conditions or special environmental state required.
Blast Radius
- Reads the full contents of any Fission Package object in any namespace in the cluster, regardless of the attacker's own namespace permissions.
- Exposes build artifacts, compiled function binaries, and source archives stored inside those Package objects.
- Reveals namespace names and Package metadata, giving the attacker a map of the cluster's function workloads for further targeting.
How HarborGuard Handles This
Available on HarborGuard: images running a Fission version below 1.24.0 are flagged as affected the moment the CVE is ingested. Because no upstream fix has been published, HarborGuard monitors the advisory on every ingest cycle and will automatically initiate a patched-image rebuild at version 1.24.0 as soon as the upstream release is confirmed. For customers with auto-remediation enabled, that rebuild triggers a regression-test run and a PR opened against affected workloads with no manual intervention needed. While waiting for a patch, compensating controls worth considering include tightening Kubernetes RBAC to restrict which service accounts and users can create or update Function resources, applying namespace-scoped network policies to limit lateral access to the Fission controller, and auditing existing Function specs for unexpected cross-namespace PackageRef values.
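The summary above describes the missing check (Secret and ConfigMap references were namespace-validated, PackageRef was not), and the last compensating control above is to audit existing Function specs for cross-namespace PackageRef values. The following script is an added example, not part of this advisory or of Fission's own code: it applies the same namespace-consistency rule to all three reference types over a `kubectl get functions -A -o json` dump. The field layout `spec.package.packageref.{name,namespace}`, `spec.secrets[]` and `spec.configmaps[]` is assumed from Fission's Function CRD, the sample list is constructed, and an empty reference namespace is treated as "same namespace" (an assumption about Fission's defaulting, so an empty value is not reported).

```python
"""Audit Fission Function specs for references that cross namespaces.

Added example (not from the advisory or from Fission). Assumes the Function
CRD layout spec.package.packageref.{name,namespace}, spec.secrets[] and
spec.configmaps[]; the sample below is constructed to match that layout.
"""
import json
import sys
from typing import Dict, Iterator, List, Tuple

# Constructed sample shaped like `kubectl get functions -A -o json`; not real data.
SAMPLE_FUNCTION_LIST = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {   # well-formed: every reference stays in the Function's own namespace
            "metadata": {"name": "hello", "namespace": "team-a"},
            "spec": {
                "package": {"packageref": {"name": "hello-pkg", "namespace": "team-a"}},
                "secrets": [{"name": "db-creds", "namespace": "team-a"}],
                "configmaps": [],
            },
        },
        {   # the pattern this CVE is about: PackageRef points at another namespace
            "metadata": {"name": "reader", "namespace": "team-a"},
            "spec": {
                "package": {"packageref": {"name": "billing-pkg", "namespace": "team-b"}},
                "secrets": [],
                "configmaps": [],
            },
        },
        {   # ConfigMap reference in another namespace (the webhook already rejects this)
            "metadata": {"name": "legacy", "namespace": "team-c"},
            "spec": {
                "package": {"packageref": {"name": "legacy-pkg", "namespace": "team-c"}},
                "secrets": [],
                "configmaps": [{"name": "shared-cfg", "namespace": "platform"}],
            },
        },
    ],
})

# (function "ns/name", reference kind, reference namespace, reference name)
Finding = Tuple[str, str, str, str]


def iter_references(fn: Dict) -> Iterator[Tuple[str, str, str]]:
    """Yield (kind, namespace, name) for every reference a Function spec carries."""
    spec = fn.get("spec", {})
    pkg = (spec.get("package") or {}).get("packageref") or {}
    if pkg:
        yield "Package", pkg.get("namespace", ""), pkg.get("name", "")
    for kind, key in (("Secret", "secrets"), ("ConfigMap", "configmaps")):
        for ref in spec.get(key) or []:
            yield kind, ref.get("namespace", ""), ref.get("name", "")


def cross_namespace_refs(fn: Dict) -> List[Finding]:
    """Return references whose namespace is set and differs from the Function's own.

    This is the rule the webhook applies to Secret and ConfigMap references and
    that the fixed release applies to PackageRef as well. An empty namespace is
    assumed to default to the Function's namespace and is therefore not reported.
    """
    own_ns = fn["metadata"]["namespace"]
    fq_name = f"{own_ns}/{fn['metadata']['name']}"
    return [
        (fq_name, kind, ref_ns, ref_name)
        for kind, ref_ns, ref_name in iter_references(fn)
        if ref_ns and ref_ns != own_ns
    ]


def audit(function_list_json: str) -> List[Finding]:
    """Audit a Function list dump and return every cross-namespace reference."""
    items = json.loads(function_list_json).get("items", [])
    findings: List[Finding] = []
    for fn in items:
        findings.extend(cross_namespace_refs(fn))
    return findings


if __name__ == "__main__":
    # Usage: python audit_fission_refs.py [functions.json]; without a path the
    # constructed sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE_FUNCTION_LIST
    for fq_name, kind, ref_ns, ref_name in audit(raw):
        print(f"{fq_name}: {kind} reference crosses into {ref_ns}/{ref_name}")
```

Run against the sample, the script reports the `team-a/reader` Package reference into `team-b` and the `team-c/legacy` ConfigMap reference into `platform`, and stays silent for `team-a/hello`. On a live cluster, feed it `kubectl get functions -A -o json` and treat every Package finding as a candidate for the cross-namespace read this advisory describes until the 1.24.0 webhook is in place.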
- fission/fission < 1.24.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N