CVE-2026-50570 | Severity: HIGH | CNA: GitHub_M

CVE-2026-50570: Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety / ValidateContainerSafety admission webhook + sanitizeContainerSecurityContext executor merge layer), but the capability check was implemented as a fixed denylist of six Linux capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The denylist omitted CAP_SYS_TIME, among others. As a result, a tenant who could create a Function or Environment CRD could request securityContext.capabilities.add: ["SYS_TIME"], pass Fission's admission validation and merge-layer sanitization, and run attacker-controlled code with CAP_SYS_TIME in the resulting function or runtime container. This issue has been patched in version 1.25.0.

Metrics

  • CVSS v3.1: 8.5
  • Severity: HIGH
  • Fixed in: (not listed)
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An incomplete capability denylist in Fission's PodSpec admission validation allows a low-privileged tenant to inject CAP_SYS_TIME into a Function or Environment container running on a shared Kubernetes node. The vulnerability is reachable over the network by any authenticated tenant with CRD create access, requiring no victim interaction. Successful exploitation lets the attacker run container code with CAP_SYS_TIME, corrupting the system clock for all workloads sharing the same node and disrupting time-dependent operations across tenant boundaries. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment upstream publishes a fix version.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built Fission-derived images, in both registry scans and CI pipeline checks.

Triage: Available

HarborGuard scores this CVE at CVSS 8.5 HIGH and applies each customer organization's compliance policy weighting to determine urgency and routing, directing findings to the appropriate team inbox without manual triage overhead.

Patch: Pending upstream

Because no fix version has been published upstream, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Fission ships a resolved release. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without any manual intervention required.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Fission API server over the network to submit a malicious Function or Environment CRD.

  • Authentication: Required

    A low-privilege account with permission to create Function or Environment CRDs is sufficient; no admin credentials are needed.

  • Victim interaction: Not required

    No user interaction is needed; the attacker submits the CRD directly and the capability is applied at container scheduling time.

  • Attack complexity: Low

    Exploitation is reliable and condition-free: the denylist gap is deterministic and no race condition or memory-layout dependency is involved.

Blast Radius

  • Attacker-controlled container code runs with CAP_SYS_TIME, allowing direct manipulation of the node's system clock via settimeofday or adjtimex syscalls.
  • All other workloads on the same Kubernetes node, including containers belonging to other tenants, experience clock skew or sudden time jumps that break time-sensitive logic such as token expiry, TLS certificate validation, and job scheduling.
  • Persistent clock corruption can cause the node-level Kubernetes components on the affected node (kubelet, kube-proxy) to log incorrect timestamps, complicating incident response and audit trails.
  • The integrity impact is scoped beyond the attacker's own namespace (CVSS scope Change), meaning the blast radius extends to co-located tenant workloads and node-level system services.
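A practitioner responding to this advisory will want to confirm whether a running Fission function or runtime container actually holds CAP_SYS_TIME in its effective capability set, rather than trusting what the CRD says. The following Go program is an added example, not code from the page, from Fission, or from HarborGuard: it parses the CapEff line of a /proc/<pid>/status file (the format documented in proc(5)) and tests bit 25, the capability number of CAP_SYS_TIME per capabilities(7). The two status snippets are constructed for the example; the first uses the default capability mask commonly granted to unprivileged containers (0xa80425fb), the second the same mask with CAP_SYS_TIME added. In a cluster the same text would come from something like `kubectl exec <pod> -- cat /proc/1/status`.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// capSysTime is the Linux capability number of CAP_SYS_TIME, i.e. bit 25 of
// the capability bitmask (see capabilities(7)).
const capSysTime = 25

// ParseCapEff extracts the effective capability bitmask from the text of
// /proc/<pid>/status: the "CapEff:" line carries a 64-bit hexadecimal value.
func ParseCapEff(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if !strings.HasPrefix(line, "CapEff:") {
			continue
		}
		hexval := strings.TrimSpace(strings.TrimPrefix(line, "CapEff:"))
		return strconv.ParseUint(hexval, 16, 64)
	}
	return 0, fmt.Errorf("no CapEff line found in status text")
}

// HasCapSysTime reports whether CAP_SYS_TIME is present in an effective set.
func HasCapSysTime(capEff uint64) bool {
	return capEff&(1<<capSysTime) != 0
}

// Constructed samples (not captured from a real cluster). The first mask,
// 0xa80425fb, is the default capability set commonly seen in unprivileged
// containers and does not include bit 25; the second is that mask with
// CAP_SYS_TIME added (0xa80425fb | 1<<25 == 0xaa0425fb).
const defaultContainerStatus = "Name:\tpython\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
const sysTimeContainerStatus = "Name:\tpython\nCapInh:\t0000000000000000\nCapPrm:\t00000000aa0425fb\nCapEff:\t00000000aa0425fb\n"

func main() {
	for _, s := range []string{defaultContainerStatus, sysTimeContainerStatus} {
		eff, err := ParseCapEff(s)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("CapEff=%016x CAP_SYS_TIME=%v\n", eff, HasCapSysTime(eff))
	}
}
```

The check reads the effective set rather than the bounding set because CapEff is what syscalls such as settimeofday and adjtimex are actually gated on; a container whose runtime added SYS_TIME at the CRD's request will show bit 25 set here even when nothing else in the pod looks unusual.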

How HarborGuard Handles This

Because no patched version of Fission has been published for this CVE, the rebuild-and-PR auto-remediation flow is not yet available. HarborGuard re-checks the advisory on every feed ingest cycle and will make a patched-image rebuild available, and open PRs for customers with auto-remediation enabled, the moment Fission 1.25.0 or a later fix release is confirmed upstream. In the interim, compensating controls are worth considering:

  • Access control: Kubernetes RBAC rules can restrict which service accounts or namespaces are permitted to create Function and Environment CRDs through the Fission API.
  • Admission policies: OPA Gatekeeper or Kyverno policies can be layered on top of Fission's own webhook to explicitly deny any securityContext.capabilities.add entry not in a known-safe allowlist, closing the gap regardless of which capabilities Fission's fixed denylist happens to cover.
  • Node isolation: dedicated node pools for untrusted tenant functions limit the blast radius of a successful CAP_SYS_TIME injection to a smaller set of co-located workloads.

HarborGuard surfaces all of these findings at the image and workload level so security teams can prioritize node-isolation changes for images confirmed to run Fission environments in multi-tenant clusters.
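The root cause in the description above (a fixed denylist of six capabilities that lets SYS_TIME through) and the admission-policy recommendation just given (deny anything not in a known-safe allowlist) are two sides of the same check. The Go program below is an added example, written for this page and not taken from Fission's validation code or any HarborGuard tooling, that puts the two side by side on a minimal container type: `ValidateDenylist` reproduces the pre-1.25.0 behaviour described in the advisory, while `ValidateAllowlist` is the hardened form. The `Container` struct, the function names, and the contents of `allowedCapabilities` are assumptions made for the example; Fission's real types and the allowlist an operator would choose differ.

```go
package main

import (
	"fmt"
	"strings"
)

// Container is a hypothetical, minimal stand-in for the parts of a Kubernetes
// PodSpec container that matter here (constructed for this example; it is not
// Fission's type nor k8s.io's corev1.Container).
type Container struct {
	Name            string
	CapabilitiesAdd []string // securityContext.capabilities.add
}

// deniedCapabilities is the six-entry denylist the advisory describes for
// versions before 1.25.0. Anything not listed, SYS_TIME included, passes.
var deniedCapabilities = map[string]bool{
	"SYS_ADMIN": true, "NET_ADMIN": true, "SYS_PTRACE": true,
	"SYS_MODULE": true, "DAC_READ_SEARCH": true, "DAC_OVERRIDE": true,
}

// allowedCapabilities is the hardened form's allowlist. Its contents are an
// assumption for this example; an operator chooses the set per cluster.
var allowedCapabilities = map[string]bool{
	"NET_BIND_SERVICE": true,
}

// normalizeCap makes "CAP_SYS_TIME", " sys_time" and "SYS_TIME" compare equal
// so that a validator cannot be sidestepped by a spelling variant of a name.
func normalizeCap(c string) string {
	c = strings.ToUpper(strings.TrimSpace(c))
	return strings.TrimPrefix(c, "CAP_")
}

// ValidateDenylist mirrors the flawed check: reject only listed capabilities.
func ValidateDenylist(c Container) error {
	for _, name := range c.CapabilitiesAdd {
		if deniedCapabilities[normalizeCap(name)] {
			return fmt.Errorf("container %q: capability %s is denied", c.Name, name)
		}
	}
	return nil
}

// ValidateAllowlist is the hardened check: reject any capability that is not
// explicitly permitted, so an omission in a denylist cannot reopen the gap.
func ValidateAllowlist(c Container) error {
	for _, name := range c.CapabilitiesAdd {
		if !allowedCapabilities[normalizeCap(name)] {
			return fmt.Errorf("container %q: capability %s is not in the allowlist", c.Name, name)
		}
	}
	return nil
}

func main() {
	// Constructed tenant request: securityContext.capabilities.add: ["SYS_TIME"].
	c := Container{Name: "fn", CapabilitiesAdd: []string{"SYS_TIME"}}
	fmt.Println("denylist :", ValidateDenylist(c))  // <nil>: the request passes
	fmt.Println("allowlist:", ValidateAllowlist(c)) // error: the request is rejected
}
```

The same allowlist logic is what a Gatekeeper or Kyverno policy expresses declaratively when placed in front of the Fission webhook; the point of writing it out is to make visible that a denylist is only as complete as its last entry, whereas an allowlist fails closed for every capability nobody thought to list.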

Affected packages

  • fission / fission: < 1.25.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L