CRITICAL · CVE-2026-50563 · Published · Modified · CNA GitHub_M

CVE-2026-50563: Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. This issue has been patched in version 1.24.0.

Metrics

CVSS v3.1: 9.9
Severity: CRITICAL
Fixed in:
Affected Products: 1

HarborGuard Analysis

Synopsis

A PodSpec injection vulnerability in Fission, the Kubernetes-native serverless framework, allows an authenticated tenant to supply arbitrary pod specifications through the Function.spec.podspec field in the Container Executor path. The executor merges the tenant-controlled input directly into its own pod spec before creating a Deployment, and the attack is reachable over the network with only a low-privilege account. Successful exploitation enables a full node escape: the attacker gains the ability to read, modify, and disrupt workloads and data across the underlying Kubernetes node. No fix version has been published yet; HarborGuard is tracking the advisory for patch availability.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-50563 is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built Fission images, as they appear in registries and CI/CD pipelines.

Triage: Available

Triage capability for this CVE is available with a CVSS score of 9.9 (Critical). Per-environment compliance policy weighting is applied automatically, and the finding is routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Pending upstream

Because no upstream fix has been published, HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available the moment version 1.24.0 or a later fix is released upstream. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.

Exploit Conditions

  • Network reachability: Required

    The vulnerable Fission API endpoint is exposed over the network, so an attacker must be able to reach the service remotely.

  • Authentication: Required

    A low-privilege tenant account is sufficient; no administrative credentials are needed to supply a malicious pod spec.

  • Victim interaction: Not required

    No victim action is needed; the attacker submits the malicious Function spec directly to the API without involving another user.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free; no race conditions or special environmental factors are required to inject the pod spec.

Blast Radius

  • Reads secrets, service account tokens, and environment variables belonging to other workloads running on the same Kubernetes node.
  • Modifies or deletes pod configurations and persisted data accessible from the node, including volumes mounted by co-located workloads.
  • Crashes or disrupts unrelated services on the node by exhausting shared resources or terminating co-located containers.
  • Escapes the container boundary entirely and gains execution-level access to the underlying node host, enabling lateral movement across the cluster.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for CVE-2026-50563 at this time, the platform monitors the Fission advisory on every ingest cycle and will automatically trigger a patched-image rebuild and, for customers with auto-remediation enabled, open a PR against affected workloads the moment version 1.24.0 is published upstream. In the interim, compensating controls are available to reduce exposure: network-policy isolation can restrict which principals reach the Fission executor API; RBAC policies can be tightened to limit who holds tenant-level function-creation privileges; and admission controllers such as OPA Gatekeeper or Kyverno can be configured to reject Function resources that include a spec.podspec field until a fix is in place. Where compliance policy permits, HarborGuard can surface these compensating-control recommendations as actionable findings routed to the owning team.
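Before an admission rule that rejects spec.podspec is switched on, it helps to know which existing Function objects already set the field. The script below is an added example, not HarborGuard or Fission code; it assumes the input is the List returned by `kubectl get functions.fission.io -A -o json`, the host-level fields it rates are standard Kubernetes PodSpec fields chosen here rather than taken from the advisory, and the sample objects are constructed.

```python
# Added example: audit Fission Function objects for tenant-supplied spec.podspec.
# Assumed input shape: the List returned by `kubectl get functions.fission.io -A -o json`.

HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")  # host-namespace switches in a PodSpec

def podspec_findings(podspec):
    """Return the host-level settings one PodSpec dict asks for."""
    found = [flag for flag in HOST_FLAGS if podspec.get(flag) is True]
    for vol in podspec.get("volumes") or []:
        if "hostPath" in vol:
            found.append(f"hostPath volume {vol.get('name', '?')}")
    for key in ("containers", "initContainers"):
        for ctr in podspec.get(key) or []:
            if (ctr.get("securityContext") or {}).get("privileged") is True:
                found.append(f"privileged container {ctr.get('name', '?')}")
    return found

def audit(function_list):
    """Return (namespace/name, rating, findings) for each Function that sets spec.podspec."""
    results = []
    for item in function_list.get("items") or []:
        podspec = (item.get("spec") or {}).get("podspec")
        if not podspec:  # absent, null or {}: the tenant supplied nothing to merge
            continue
        meta = item.get("metadata") or {}
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        findings = podspec_findings(podspec)
        results.append((ident, "HIGH" if findings else "REVIEW", findings))
    return results

# Constructed sample objects, not taken from a real cluster.
SAMPLE = {"items": [
    {"metadata": {"namespace": "tenant-a", "name": "hello"}, "spec": {}},
    {"metadata": {"namespace": "tenant-a", "name": "resize"},
     "spec": {"podspec": {"containers": [{"name": "resize", "image": "example/resize:1"}]}}},
    {"metadata": {"namespace": "tenant-b", "name": "report"},
     "spec": {"podspec": {"hostNetwork": True,
                          "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
                          "containers": [{"name": "report", "image": "example/report:1"}]}}},
]}

if __name__ == "__main__":
    for ident, rating, findings in audit(SAMPLE):
        print(f"{rating:6} {ident}: {', '.join(findings) or 'spec.podspec present'}")
```

Functions rated REVIEW would be blocked by a blanket spec.podspec rejection even though they request nothing host-level, so their owners need notice before the admission rule is enforced.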

Affected packages
  • fission / fission
    < 1.24.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H