MEDIUM 4.9

CVE-2026-50565: Fission Kubernetes Service Account Token Exposure

Fission, an open-source serverless framework for Kubernetes, had a configuration flaw in versions before 1.24.0 where builder pods automatically mounted sensitive service account credentials into user-supplied container images. This meant anyone deploying a function through Fission could potentially access the credentials needed to interact with your Kubernetes cluster, such as listing resources or reading secrets. The issue stems from Kubernetes' default behavior of auto-mounting service account tokens unless explicitly disabled—Fission wasn't disabling this protection for builder pods. The flaw has been patched in version 1.24.0.

Source data · NVD / CISA · public domain

CVSS
3.1 · 4.9 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weaknesses (CWE)
CWE-250, CWE-269, CWE-538
Affected products
0 configuration(s)
Published / Modified
2026-06-10 / 2026-06-17

NVD description (verbatim)

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. This issue has been patched in version 1.24.0.

3 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

Prior to version 1.24.0, Fission's builder pod creation lacked the AutomountServiceAccountToken: false setting, causing the kubelet to automatically inject the fission-builder service account token into all containers within the pod, including user-defined builder images. This exposed the service account token as a readable file (typically at /var/run/secrets/kubernetes.io/serviceaccount/token) accessible to code executing inside the builder container. Given that service account tokens provide direct authentication to the Kubernetes API server, an attacker or compromised build image could use this token to interact with cluster resources according to the fission-builder role's permissions. The vulnerability is classified under improper privilege management (CWE-250), improper restriction of rendered UI layers (CWE-269), and sensitive information exposure (CWE-538).

Business impact

Organizations running Fission to orchestrate serverless workloads face a credential exposure risk during the function-building phase. If a user deploys a malicious or compromised builder image, or if a legitimate build process is intercepted, the attacker gains API credentials to the Kubernetes cluster. Depending on the fission-builder role's permissions, this could enable lateral movement, unauthorized cluster enumeration, secret extraction, or persistent access. In multi-tenant or shared Kubernetes environments, this exposure is particularly severe, as it could compromise cluster-wide security posture. Unpatched Fission deployments should be considered a priority for remediation, especially in production settings.

Affected systems

Fission versions prior to 1.24.0 are affected. The vulnerability impacts all Kubernetes clusters running vulnerable Fission versions, regardless of Kubernetes distribution (managed services, on-premises, or hybrid). Any organization using Fission to manage serverless functions is potentially at risk. Organizations running Fission 1.24.0 or later are not affected.

Exploitability

Exploitation requires high privilege (PR:H in the CVSS vector), meaning an attacker needs the ability to deploy or supply a builder image through Fission—typically a developer or operator role. No user interaction is needed, and the attack is network-accessible. Once a malicious or compromised image is supplied, the service account token is automatically available at runtime, making credential theft trivial. The attack surface is limited to users with the capability to trigger function builds, but in open-team or third-party function scenarios, this can be broad. Public exploit code is not known, though weaponization would be straightforward for anyone with basic Kubernetes API knowledge.

Remediation

Upgrade Fission to version 1.24.0 or later. Verify the upgrade by confirming that builder pod specifications include AutomountServiceAccountToken: false and that existing builder pods are recreated with the corrected configuration. In the interim, if upgrading is not immediately possible, manually review and restrict the fission-builder service account's RBAC permissions to the minimum required for your deployment, and limit which users can deploy functions to trusted operators only.

Patch guidance

Apply the Fission 1.24.0 release or any subsequent version. Consult the official Fission release notes and GitHub repository for download and installation instructions. Confirm via kubectl that builder pod templates no longer auto-mount the service account token (verify the pod spec includes automountServiceAccountToken: false). Test function builds after patching to ensure no regressions. For air-gapped or restricted environments, verify patch availability through your Fission mirror or distribution channel before planning upgrades.

Detection guidance

Audit existing Fission builder pods in your cluster using kubectl describe pod or examining pod YAML to check whether AutomountServiceAccountToken is explicitly set to false. Review RBAC bindings for the fission-builder service account to understand what API permissions are exposed. Monitor Kubernetes API audit logs for any suspicious activity using the fission-builder credentials, such as unexpected list, get, or watch operations. Examine function deployment workflows to identify any instances of user-supplied or third-party builder images. Consider running Kubernetes security scanning tools (e.g., Kyverno, Polaris) to flag pods with auto-mounted service account tokens.

Why prioritize this

Although the CVSS score is moderate (4.9), the vulnerability directly exposes Kubernetes API credentials in any environment using Fission. The requirement for high privilege (developer/operator role) limits the attack surface, but in organizations where developers can supply builder images, the risk is material. The lack of KEV status and public exploit activity does not diminish the insider threat risk. Prioritize based on whether your Fission deployment is in production, whether it processes sensitive workloads, and whether function builders are controlled solely by trusted teams.

Risk score, explained

The CVSS v3.1 score of 4.9 (MEDIUM severity) reflects a confidentiality impact (High) of Kubernetes credentials, balanced against the requirement for high privilege to trigger the exposure. The attack vector is network-accessible and requires no user interaction, but the gating factor is the attacker's need for developer or operator privileges. The impact is strictly confidentiality; there is no integrity or availability impact, hence the high C:H/I:N/A:N profile. In your threat model, elevate this score if Fission is widely accessible to developers or if the fission-builder role has broad cluster permissions.

Frequently asked questions

Can the fission-builder token be used to modify or delete cluster resources?

That depends on the RBAC permissions granted to the fission-builder service account. By default, Fission assigns minimal permissions, but if your environment has customized these bindings, the token could enable modification or deletion. Review your fission-builder ClusterRole and ClusterRoleBinding to confirm the scope of exposed permissions.

Does this vulnerability affect Fission versions before 1.20, or only recent releases?

The vulnerability affects all Fission versions prior to 1.24.0, regardless of how old the release is. If you are running any version below 1.24.0 and have not manually patched the builder pod spec, the exposure exists.

If we restrict our function builders to internal images only, are we safe?

Restricting to internal images reduces risk but does not eliminate it. A compromised build pipeline, insider threat, or supply-chain attack on your image registry could still inject a malicious builder image. Upgrading to 1.24.0 is the proper fix; image restrictions are a helpful defense-in-depth control but not a substitute for patching.

How do we verify that the patch has been applied correctly?

After upgrading to 1.24.0, use kubectl describe pod <builder-pod-name> or kubectl get pod -o yaml to inspect the builder pod spec. Confirm the presence of automountServiceAccountToken: false in the pod specification. Additionally, inspect the Fission controller's builder pod template definition to ensure the setting is configured at the source.

This analysis is provided for informational purposes and represents a point-in-time assessment based on the vulnerability data available. Patch versions, release timelines, and RBAC defaults may vary by installation. Always consult the official Fission project documentation and your vendor advisories before implementing remediation. SEC.co does not warrant the completeness or accuracy of this guidance and recommends independent verification of all claims against your own environment and upstream sources. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).