CVE-2026-49821: Fission Namespace Validation Flaw in Kubernetes Serverless Framework
Fission, a Kubernetes serverless framework, contained a namespace validation flaw in its Package controller prior to version 1.24.0. The buildermgr controller failed to verify that the environment namespace specified in a Package resource matched its actual namespace, potentially allowing authenticated users to reference functions or configurations from unintended namespaces. This cross-namespace access could expose sensitive data or functions, though it requires valid Kubernetes authentication to exploit. The issue is resolved in version 1.24.0 and later.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.7 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- Weaknesses (CWE)
- CWE-441, CWE-862
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-10 / 2026-06-17
NVD description (verbatim)
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. This issue has been patched in version 1.24.0.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from insufficient input validation in Fission's buildermgr controller when processing Package Custom Resource Definitions (CRDs). Specifically, the controller did not enforce that Package.spec.environment.namespace must equal Package.metadata.namespace before allowing Package creation or modification. This namespace confusion permits authenticated principals to construct Package resources that reference environments outside their intended namespace scope, violating Kubernetes' multi-tenancy isolation model. The flaw maps to improper handling of namespace boundaries (CWE-441: Unintended Proxy or Intermediary) and insufficient access control enforcement (CWE-862: Missing Authorization). Patched in Fission 1.24.0.
Business impact
In shared Kubernetes clusters or multi-tenant Fission deployments, this vulnerability could allow one team or application to inadvertently access or invoke functions provisioned by another team. An attacker with valid cluster credentials could exploit the flaw to read sensitive function code, access restricted configurations, or trigger unintended serverless workloads. Organizations relying on Fission for workload isolation within a single cluster face degraded security boundaries, particularly in regulated environments where namespace-based isolation is a control requirement.
Affected systems
Fission versions prior to 1.24.0 are affected. The buildermgr controller component is the attack vector; any deployment exposing Fission's Kubernetes API (which is standard) is vulnerable if running an unpatched version. Clusters using Fission as their serverless framework and relying on Kubernetes RBAC and namespace isolation are at risk if users or service accounts have permission to create or modify Package CRDs.
Exploitability
Exploitation requires valid Kubernetes authentication (Privilege Level: Low in CVSS terms, meaning authenticated access is necessary). An attacker cannot exploit this anonymously; they must possess credentials to access the Fission-enabled Kubernetes cluster and have permissions to create or modify Package resources. No user interaction is needed once authenticated. The attack vector is network-accessible via the Kubernetes API. The scope is changed (CVSS:S:C), meaning the vulnerability can affect resources and users outside the component's intended security scope—specifically, cross-namespace access.
Remediation
Upgrade Fission to version 1.24.0 or later. Administrators should first audit existing Package CRDs to identify any where spec.environment.namespace differs from metadata.namespace and remediate those configurations manually. Apply network policies and RBAC rules to restrict which service accounts or users can create Package CRDs to minimize the window of exposure during any upgrade delay. For environments where immediate patching is infeasible, consider restricting cluster access and monitoring Package CRD creation events.
Patch guidance
1. Verify your current Fission version via `helm list` or `fission version` command. 2. Review the Fission project's official release notes for version 1.24.0 to confirm patch compatibility with your Kubernetes version and Fission configuration. 3. Update your Fission deployment using Helm or your deployment method: `helm upgrade fission fission/fission --version 1.24.0` (adjust chart repository and namespace as needed). 4. Validate that the buildermgr controller pod restarts and enters a running state. 5. Re-test Package creation workflows to ensure no regressions.
Detection guidance
Monitor Kubernetes API audit logs for Package CRD creation or modification events where spec.environment.namespace does not match metadata.namespace. Use kubectl queries like `kubectl get packages -A -o json | jq '.items[] | select(.spec.environment.namespace != .metadata.namespace)'` to identify non-compliant resources post-deployment. Enable Kubernetes audit logging with detailed event capture if not already active. Consider deploying an admission webhook or policy engine (e.g., Kyverno, OPA/Gatekeeper) to enforce namespace matching validation on Package resources as an additional control layer.
Why prioritize this
A CVSS 7.7 HIGH severity rating reflects the confidentiality impact (exposure of function code and sensitive configurations across namespace boundaries) combined with ease of exploitation for any authenticated user in the cluster. The scope-change aspect and confidentiality impact elevate this beyond a low-risk internal validation bug. However, it is not CRITICAL because it requires prior authentication and does not directly enable arbitrary code execution or denial of service. For organizations running multi-tenant Fission clusters or processing sensitive workloads, patching should be prioritized within 2–4 weeks. For single-tenant or development-only clusters, the urgency is lower.
Risk score, explained
CVSS 3.1 score of 7.7 (HIGH) is driven by: (1) Network-accessible attack vector, (2) low privilege requirement (authenticated user), (3) no user interaction needed, (4) changed scope (cross-namespace impact), and (5) high confidentiality impact (exposure of function configurations and code). Integrity and availability are not directly compromised, capping the score below 9.0. The HIGH rating reflects meaningful operational risk in shared cluster environments, warranting timely remediation.
Frequently asked questions
Does this vulnerability allow unauthenticated access to cross-namespace functions?
No. The CVSS vector shows PR:L (Privilege Level: Low), meaning an attacker must already possess valid Kubernetes credentials and RBAC permissions to create or modify Package CRDs. Unauthenticated users cannot exploit this flaw.
What happens if an attacker creates a Package with mismatched namespaces?
The buildermgr controller, before patching, would process the Package without enforcing namespace boundaries. The attacker could reference or invoke an environment (and its associated functions) from a different namespace, potentially accessing sensitive serverless code or configurations they should not have access to.
Does upgrading to 1.24.0 automatically fix non-compliant existing Packages?
No. Version 1.24.0 applies the fix prospectively—it blocks creation of new non-compliant Packages. Administrators must manually audit and remediate any existing Packages where spec.environment.namespace differs from metadata.namespace before or after upgrading.
Can this be mitigated without upgrading Fission immediately?
Partial mitigation is possible via RBAC: restrict who can create or modify Package CRDs to a minimal set of trusted users or service accounts, and enable Kubernetes audit logging to detect suspicious Package creation. However, full remediation requires upgrading to 1.24.0.
This analysis is based on publicly available vulnerability information current as of the publication date. SEC.co makes no warranty regarding the completeness or accuracy of third-party vendor patch release information; always verify patch version numbers and compatibility against official vendor advisories before deployment. This vulnerability requires authenticated Kubernetes access; the risk profile differs significantly for isolated development clusters versus shared multi-tenant production environments. Security decisions should account for your specific architecture, threat model, and regulatory requirements. No exploit code is provided or endorsed. For questions or updates, consult the official Fission project repository and maintainers. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2018-25391HIGHHaPe PKH 1.1 Authorization Bypass – Unauthorized Record Deletion Vulnerability
- CVE-2025-26418HIGHAndroid CarDevicePolicyService Privilege Escalation (CVSS 7.8)
- CVE-2025-48570HIGHAndroid PipTaskOrganizer Privilege Escalation Vulnerability
- CVE-2025-53345HIGHThimPress Thim Core Missing Authorization Leads to Code Execution
- CVE-2026-0098HIGHAndroid Confused Deputy Privilege Escalation – Activity Start Bypass
- CVE-2026-0272HIGHPalo Alto PAN-OS Privilege Escalation Vulnerability (PA-Series, VM-Series, Panorama)
- CVE-2026-10737HIGHWordPress SP Project & Document Manager Unauthenticated File Access Vulnerability
- CVE-2026-26236HIGHQuMagie Missing Authorization Vulnerability – Patch to 2.9.0