CVE-2026-50568: Fission Path Validation Bypass in Multi-Tenant Kubernetes Environments
Fission, an open-source serverless framework for Kubernetes, contained a path validation flaw that could allow a tenant with local access to read or write files outside an intended safe directory. The vulnerability stems from a lexical string comparison that doesn't respect directory boundaries—for example, a directory named '/packages-extra' would incorrectly pass validation meant for '/packages'. An attacker who can pre-create or control a sibling directory in the shared storage volume could exploit this to access sensitive files. This affects versions prior to 1.25.0 and has been patched.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 3.6 LOW · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
- Weaknesses (CWE)
- CWE-41
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-10 / 2026-06-17
NVD description (verbatim)
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefix(path, safedir). This is a lexical check, not a directory boundary check: /packages-extra/evil starts with /packages, so it passed. The function did not enforce a path-separator boundary, so any sibling directory whose name began with the safe-directory string was accepted. Callers included the builder's Clean handler (pkg/builder/builder.go:208) and the fetcher's Fetch / Upload handlers (pkg/fetcher/fetcher.go). A tenant who could pre-create or control a sibling directory under the fetcher / builder's shared volume could induce a write or read outside the intended safe directory. This issue has been patched in version 1.25.0.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The SanitizeFilePath function in pkg/utils/utils.go used strings.HasPrefix() to validate that file paths remained within a designated safe directory. This lexical check fails to enforce path-separator boundaries, allowing any directory whose name begins with the safe-directory string to bypass validation. For instance, '/packages-extra/evil' would pass a check intended for '/packages' since it lexically starts with that string. The vulnerable code path affects the builder's Clean handler (pkg/builder/builder.go:208) and the fetcher's Fetch and Upload handlers (pkg/fetcher/fetcher.go), both of which operate on shared volumes in multi-tenant environments. An attacker with local access to the shared volume could exploit directory pre-creation or control to induce unauthorized read or write operations outside the intended containment boundary.
Business impact
In a shared Kubernetes cluster running Fission, this vulnerability enables a tenant to breach isolation boundaries and access or modify another tenant's function code or data stored on the shared volume. This undermines the multi-tenant security model and could lead to data exfiltration, unauthorized code execution, or denial of service. Organizations relying on Fission for isolated serverless workloads should treat this as a containment breach vector, especially if they run untrusted or competing workloads on the same cluster.
Affected systems
Fission versions prior to 1.25.0 are affected. The vulnerability is specific to Fission deployments on Kubernetes where multiple tenants share storage volumes for builder and fetcher operations. It does not affect environments where Fission runs with strict volume isolation or in single-tenant configurations.
Exploitability
Exploitation requires local access (CWE-41: Improper Restriction of Rendered UI Layers or Frames) and the ability to pre-create or control a sibling directory in the fetcher or builder's shared volume. The attacker must be an authenticated tenant within the same Kubernetes cluster. The complexity is high because successful exploitation depends on specific directory naming and knowledge of the safe-directory path structure. This is not remotely exploitable and does not require elevated privileges beyond standard tenant access.
Remediation
Upgrade Fission to version 1.25.0 or later, which implements proper path-separator boundary validation. Organizations should also audit existing deployments to determine if directory isolation controls are in place and review logs for suspicious file access patterns from tenants in the period prior to patching.
Patch guidance
Update Fission to version 1.25.0 or later. Verify the patch through the official Fission release notes and GitHub repository. Test the update in a non-production environment first to ensure compatibility with your Kubernetes configuration and any custom extensions. Consider scheduling the upgrade during a maintenance window to minimize disruption to running functions.
Detection guidance
Monitor the builder and fetcher pods for unexpected directory creation or access patterns in the shared volume. Look for file operations that reference paths with similar prefixes to the intended safe directory (e.g., '/packages' and '/packages-extra'). Enable audit logging on your Kubernetes storage layer if available. Check for unusual inter-tenant file access or modifications. Review Fission's internal logs for validation errors or warnings from the SanitizeFilePath function if debug logging is enabled.
Why prioritize this
Although assigned a LOW CVSS score (3.6) due to local-only access and high complexity, this vulnerability is a multi-tenant isolation bypass in a shared Kubernetes environment. For organizations running Fission in multi-tenant clusters, prioritize patching to maintain workload isolation and prevent cross-tenant data leakage. Single-tenant deployments are at lower immediate risk but should still be updated as part of routine maintenance.
Risk score, explained
The CVSS 3.1 score of 3.6 (LOW) reflects the attack vector being local, attack complexity being high, and impact being limited to confidentiality and integrity of a single tenant's data. The score does not capture the organizational impact of multi-tenant isolation breach, which may warrant elevated priority within specific deployment contexts. Security teams should consider their own risk model when deciding urgency.
Frequently asked questions
Can this vulnerability be exploited remotely?
No. The vulnerability requires local access to the shared volume on the Kubernetes cluster. An attacker must be an authenticated tenant with the ability to create or control directories on that volume.
What is the difference between the intended and actual behavior of SanitizeFilePath?
The function was intended to enforce a directory boundary check—ensuring that a path stays within a designated safe directory. Instead, it performed only a lexical string comparison, which allowed directory names that lexically begin with the safe-directory prefix to pass validation even if they are siblings outside the intended boundary.
If we run Fission with strict volume isolation per tenant, are we still at risk?
If your Kubernetes deployment uses separate storage volumes for each tenant (rather than a shared volume), this vulnerability's attack surface is significantly reduced. However, if any shared storage is used for builder or fetcher operations, you remain at risk and should patch.
Does the patch change how developers deploy functions?
No. Version 1.25.0 fixes the path validation logic but does not alter the Fission API or deployment workflow. Existing function deployments should continue to work after the upgrade.
This analysis is based on the vulnerability description and CVSS score provided. Patch availability, version numbers, and specific remediation steps should be verified against the official Fission project advisories and release notes. SEC.co makes no warranty regarding the completeness, timeliness, or accuracy of this information. Organizations should conduct independent validation and testing before applying patches in production environments. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2022-48575LOWmacOS Login Window Bypass via State Handling Flaw
- CVE-2024-42206LOWHCL iReflection Third-Party Component Vulnerability
- CVE-2024-58350LOWGhidra Use-After-Free in Sleigh Backend
- CVE-2025-12656LOWWPvivid Plugin Arbitrary Directory Deletion Vulnerability
- CVE-2025-48616LOWAndroid Lockdown Bypass via Screen Pinning Logic Error
- CVE-2025-52608LOWHCL iControl Missing Cookie Attributes Vulnerability
- CVE-2025-52609LOWHCL iControl Missing Security Headers XSS Vulnerability
- CVE-2025-52611LOWHCL iControl Stack Trace Disclosure (v4.0.0)