HIGH 8.5

CVE-2026-49824: Fission Kubernetes Admission Webhook Namespace Validation Bypass (CVSS 8.5)

Fission, an open-source serverless framework for Kubernetes, contains a namespace validation gap in its Function admission webhook. The webhook correctly validates that Secrets and ConfigMaps referenced by a function must belong to the same namespace as the function itself—a security boundary enforcement mechanism. However, it failed to apply the same check to environment specifications, allowing authenticated users to reference environments from other namespaces. This cross-namespace access could enable privilege escalation or unauthorized data exposure in multi-tenant Kubernetes clusters. The issue affects all versions prior to 1.24.0.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Weaknesses (CWE)
CWE-284, CWE-863
Affected products
0 configuration(s)
Published / Modified
2026-06-10 / 2026-06-17

NVD description (verbatim)

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook (pkg/webhook/function.go) validated that spec.secrets[].namespace and spec.configmaps[].namespace equalled the function's own namespace but performed no equivalent check on spec.environment.namespace. This issue has been patched in version 1.24.0.

3 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in pkg/webhook/function.go where the Fission Function admission webhook implements namespace isolation for function dependencies. The webhook validates spec.secrets[].namespace and spec.configmaps[].namespace against the function's declared namespace, but omits an equivalent validation for spec.environment.namespace. An authenticated user with permission to create or modify Fission Functions can specify an environment object from a different namespace, bypassing the intended namespace boundary. Environments in Fission define the runtime container, libraries, and configuration for function execution; unauthorized environment access could allow an attacker to inject malicious code or configurations into function execution contexts. This is classified as an Improper Access Control vulnerability (CWE-284, CWE-863).

Business impact

In shared Kubernetes clusters where multiple teams or customers deploy functions via Fission, this vulnerability enables lateral movement and privilege escalation. A user with function creation rights in one namespace could reference a privileged or adversary-controlled environment from another namespace, potentially executing code with elevated permissions or accessing sensitive data attached to that environment. Organizations relying on namespace-based multi-tenancy for billing, compliance, or security isolation are at risk of data exfiltration, unauthorized code execution, and compliance violations. The impact is amplified in environments where functions handle sensitive workloads or where strict isolation between tenants is a contractual requirement.

Affected systems

Fission versions prior to 1.24.0 are affected. This includes all deployments running Fission as a serverless platform on Kubernetes. The vulnerability requires authentication (an actor must have valid credentials and permissions to create or modify Functions within their own namespace), so public or internet-exposed Fission clusters are higher-risk than private installations. Organizations using Fission for production workloads, particularly those with multi-tenant deployments, should prioritize assessment and patching.

Exploitability

Exploitation requires authentication and function creation/modification permissions, placing this in the 'authenticated attacker' category. In most deployments, any user or service account with API access to create Functions can trigger the vulnerability—a relatively low bar in Kubernetes RBAC models where multiple teams share a cluster. No unusual interaction patterns or social engineering is needed; a direct API call specifying a cross-namespace environment reference suffices. The attack surface is internal to the cluster and accessible to authenticated parties only, but the CVSS 3.1 score of 8.5 reflects the high impact (confidentiality) and broad scope (environment affecting other resources).

Remediation

Upgrade Fission to version 1.24.0 or later, which patches the admission webhook to enforce namespace validation on spec.environment.namespace parity with Secrets and ConfigMaps. This ensures that Functions can only reference environments in their own namespace. Verify the patch is applied by reviewing the function webhook configuration post-upgrade. No configuration changes or workarounds are provided for versions below 1.24.0; patching is the definitive remediation.

Patch guidance

Fission maintainers have released version 1.24.0 with a fix. Update your Fission deployment using the standard Helm chart or container image release for version 1.24.0 or any subsequent patch version. Test the upgrade in a development or staging cluster first to ensure backward compatibility with existing function definitions. If any functions currently reference cross-namespace environments (indicating potential prior exploitation), audit those functions and their execution history before production rollout. Consult the Fission project release notes and security advisories for complete upgrade instructions.

Detection guidance

Monitor Kubernetes audit logs for Function API calls (create, update, patch) that specify spec.environment.namespace values differing from the function's own namespace. Tools like Falco or Kubernetes audit event processors can flag these anomalies. On running clusters, audit existing Function objects for cross-namespace environment references using kubectl queries (e.g., 'kubectl get functions -A -o json | jq'). Implement admission webhooks or policy engines (e.g., Kyverno, OPA) to prevent such configurations even before patching, if immediate remediation is not feasible. Review function execution logs and environment variable injections to detect if cross-namespace references were previously exploited.

Why prioritize this

This vulnerability warrants HIGH priority due to its authentication-only requirement, potential for lateral movement in multi-tenant clusters, and confidentiality impact (HIGH per CVSS). Organizations operating Kubernetes clusters with multiple teams or customers should patch immediately. It is not listed on CISA's KEV catalog, so exploit code is not yet known to be actively circulating, but the conceptual attack is straightforward and could be weaponized by malicious insiders or discovered by adversaries. The blast radius widens in clusters where namespaces are actively used as security or tenancy boundaries.

Risk score, explained

CVSS 3.1 score of 8.5 (HIGH): Network-accessible attack vector (AV:N) with low complexity (AC:L) and low privilege requirement (PR:L) reflect the Kubernetes API exposure and function creation permissions common in cluster deployments. High confidentiality impact (C:H) reflects the risk of accessing privileged environments and their associated credentials or configuration. Low integrity impact (I:L) accounts for potential configuration modification. Changed Scope (S:C) indicates the vulnerability affects resources (environments) beyond the immediate function object. Availability is unaffected (A:N). The score appropriately penalizes the ease of exploitation balanced against the need for prior authentication.

Frequently asked questions

Does this vulnerability affect air-gapped or private Fission clusters?

Yes. The vulnerability requires authentication, which may be more restricted in private clusters, but any authenticated user with function creation rights is a potential attacker. Air-gapped deployments are not exempt; insider threats or compromised service accounts remain relevant risks.

Can I mitigate this without upgrading to 1.24.0?

There is no documented workaround in the CVE record. Organizations unable to patch immediately should implement network policies or RBAC restrictions to limit who can create Functions, and deploy external policy engines (Kyverno, OPA) to validate function specifications before webhook approval. However, these are temporary measures; upgrading is the proper remediation.

How do I know if someone exploited this vulnerability before I patch?

Audit your Function objects for any spec.environment.namespace values that differ from the function's own namespace using kubectl or your cluster API tools. Review function execution logs and environment initialization events for signs of unexpected behavior or credential access. Consult your Kubernetes audit log for Function API calls with cross-namespace environment references.

Does this affect Fission-as-a-service offerings or only self-managed clusters?

Self-managed Fission clusters running versions prior to 1.24.0 are affected. If your Fission platform is managed by a vendor, check their security advisory and upgrade timeline; they may have already patched. Always verify the deployed Fission version against your vendor or release documentation.

This analysis is provided for informational purposes and reflects the CVE details and patch information available as of the publication date. Security organizations should always verify patch versions and availability against official Fission project releases and security advisories before deploying updates. No exploit code or proof-of-concept is provided. The absence of a CISA KEV listing does not guarantee the vulnerability is not exploited in the wild; organizations should assess their own exposure and risk profile. Consult Fission's official documentation and security contacts for deployment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).