HIGH 8.5

CVE-2026-50570: Fission Kubernetes Serverless Framework Privilege Escalation via Incomplete Capability Denylist

Fission, a Kubernetes-native serverless framework, has a flaw in how it validates which Linux capabilities tenants are allowed to add to containers. The framework maintains a denylist of dangerous capabilities to prevent privilege escalation, but the list was incomplete—it missed CAP_SYS_TIME and others. This means a tenant could create a Function or Environment and request CAP_SYS_TIME, which would pass validation and allow their code to run with the ability to modify system time. This is a privilege escalation vulnerability that affects multi-tenant Fission clusters where untrusted users can define workloads.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Weaknesses (CWE)
CWE-269, CWE-732
Affected products
0 configuration(s)
Published / Modified
2026-06-10 / 2026-06-17

NVD description (verbatim)

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety / ValidateContainerSafety admission webhook + sanitizeContainerSecurityContext executor merge layer), but the capability check was implemented as a fixed denylist of six Linux capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The denylist omitted CAP_SYS_TIME, among others. As a result, a tenant who could create a Function or Environment CRD could request securityContext.capabilities.add: ["SYS_TIME"], pass Fission's admission validation and merge-layer sanitization, and run attacker-controlled code with CAP_SYS_TIME in the resulting function or runtime container. This issue has been patched in version 1.25.0.

3 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

Fission's admission webhook (ValidatePodSpecSafety and ValidateContainerSafety) and executor merge layer (sanitizeContainerSecurityContext) were designed to enforce security boundaries by blocking dangerous Linux capabilities in tenant-submitted workloads. However, the implementation relied on a fixed denylist of only six capabilities: SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, and DAC_OVERRIDE. The omission of CAP_SYS_TIME—a capability that allows modification of system clock and realtime clock settings—creates an escape hatch. An attacker who can create Function or Environment custom resource definitions can explicitly request CAP_SYS_TIME in the securityContext.capabilities.add field, bypass Fission's validation, and obtain that capability in the resulting container. While CAP_SYS_TIME is less severe than capabilities like SYS_ADMIN, it can be chained with other techniques to cause availability disruption, break audit timestamps, or facilitate further exploits. The vulnerability was remediated in version 1.25.0 by migrating to a more robust allowlist-based approach or expanding the denylist comprehensively.

Business impact

In multi-tenant Fission deployments—common in shared Kubernetes platforms and function-as-a-service offerings—this vulnerability allows tenant isolation bypass. A malicious tenant gains elevated capabilities without cluster-admin intervention, enabling clock tampering that could disrupt dependent applications, invalidate audit logs, or trigger cascading failures in systems relying on accurate time (e.g., financial transactions, authentication tokens, log correlation). The blast radius depends on cluster topology and whether functions interact with shared infrastructure. Organizations running Fission as a managed service are at highest risk; internal single-tenant clusters face lower business risk but should still patch to prevent insider threats.

Affected systems

Fission versions prior to 1.25.0 are vulnerable. The exposure is limited to clusters where tenants (non-cluster-admin users) are permitted to create Function and Environment CRDs. Affected deployments include: multi-tenant Kubernetes environments running Fission, managed serverless platforms built on Fission, and any Kubernetes cluster where RBAC grants untrusted users the ability to create or modify Fission Function and Environment resources. Clusters with strict RBAC that restrict CRD creation to administrators only are effectively protected despite running vulnerable software.

Exploitability

Exploitability is moderate to high. An attacker needs valid cluster credentials and RBAC permissions to create Function or Environment CRDs—a low bar in multi-tenant environments where such permissions are commonly granted to application developers. No authentication bypass is required; the vulnerability is purely a logic flaw in the validation layer. Exploitation is straightforward: craft a CRD manifest with securityContext.capabilities.add: ["SYS_TIME"] and submit it. The attack surface is human-readable YAML or standard Kubernetes API calls, familiar to any developer. The main limiting factor is that CAP_SYS_TIME alone is not as immediately destructive as capabilities like SYS_ADMIN, so it is typically useful in conjunction with other privilege escalation techniques or denial-of-service scenarios. Pre-1.25.0 clusters with open tenant environments should assume compromise is likely if untrusted users have had access.

Remediation

Upgrade Fission to version 1.25.0 or later. This release includes fixes to the admission webhook and executor sanitization logic that enforce a more comprehensive or allowlist-based capability check. Verify against the official Fission release notes and security advisories to confirm the patch version deployed in your environment. For clusters unable to upgrade immediately, implement compensating controls: use Pod Security Policies (PSPs) or Pod Security Standards (PSS) at the cluster level to enforce a baseline that blocks CAP_SYS_TIME for all non-privileged pods, restrict RBAC permissions for Function and Environment CRD creation to trusted administrators only, and audit existing CRDs for any that request suspicious capabilities.

Patch guidance

Update Fission to version 1.25.0 or any subsequent release. Consult the official Fission release notes and security advisories for the exact patch artifact and deployment procedure for your installation method (Helm, kubectl apply, etc.). Test the upgrade in a non-production environment first to verify compatibility with your function workloads and any custom plugins. After patching, re-validate that existing Function and Environment CRDs comply with the updated validation rules—some may need capability declarations adjusted. Monitor your cluster for any CRDs that were previously accepted but are now rejected by the new validation logic, and work with application teams to remediate them. Consider performing a security audit of all tenant-submitted workload definitions created before the patch date.

Detection guidance

Search admission webhook logs and Kubernetes API audit logs for Function and Environment CRD creation requests that include securityContext.capabilities.add fields with any capability names, especially SYS_TIME, SYS_PTRACE, NET_RAW, NET_ADMIN, and others not in the original denylist. Monitor for pods spawned from Function or Environment resources that report unexpected capabilities (use 'kubectl describe pod' or check /proc/[pid]/status CapXxx fields). Set up alerts on admission webhook rejections post-patch to catch any malicious or misconfigured submissions. If logs are available from the pre-patch window, review them for evidence of CRDs that would have been blocked by the new validation rules.

Why prioritize this

This vulnerability merits immediate patching in multi-tenant environments. CVSS 8.5 (HIGH) reflects the ease of exploitation by low-privileged actors and the potential for significant system compromise. While CAP_SYS_TIME is not as critical as SYS_ADMIN, it enables privilege escalation and can be combined with other techniques for denial-of-service or audit evasion. The vulnerability directly breaks a security boundary that tenants and operators may have relied upon. Organizations should prioritize patching proportional to the number of untrusted tenants with CRD creation rights.

Risk score, explained

The CVSS 3.1 score of 8.5 (HIGH) reflects: (1) Network-adjacent attack vector—Fission typically exposes APIs via Kubernetes API server; (2) Low attack complexity—no special preconditions beyond valid credentials; (3) Low privilege requirement—tenant users with standard CRD creation rights can exploit it; (4) Changed scope—impact can cross tenant boundaries in multi-tenant clusters; (5) High integrity impact—ability to tamper with system time affects audit, authentication, and application state; (6) Low availability impact—while CAP_SYS_TIME can disrupt services, it is not guaranteed to cause outage without further exploitation. The score appropriately captures the seriousness of a tenant escape in a containerized multi-tenant system, tempered by the limited direct damage from this specific capability alone.

Frequently asked questions

Can CAP_SYS_TIME be exploited in a single-tenant Fission cluster?

Yes, if the cluster runs untrusted workloads or has been compromised via other means. However, the primary concern is multi-tenant environments where workload isolation is a security promise. In single-tenant clusters, the vulnerability is less critical but should still be patched as part of routine hardening.

Why was CAP_SYS_TIME omitted from the original denylist?

The original implementation used a fixed list of six capabilities deemed most dangerous (SYS_ADMIN, NET_ADMIN, etc.). This approach is brittle and does not account for the full Linux capability set or less obvious privilege escalation vectors. CAP_SYS_TIME was likely overlooked because clock manipulation is not an obvious security risk to developers unfamiliar with privilege escalation chains. The fix moves to a more robust allowlist or comprehensive denylist strategy.

What are the prerequisites for exploiting this vulnerability?

An attacker needs: (1) valid Kubernetes credentials, (2) RBAC permissions to create or update Function and Environment CRDs, and (3) access to the Fission API or Kubernetes API endpoint. In multi-tenant clusters, these are commonly granted to application developers. No additional exploits or privilege escalation steps are required to trigger the vulnerability itself.

If I have Pod Security Policies (PSP) enabled, am I protected?

Possibly, but it depends on your PSP configuration. If your PSPs restrict all pods from requesting SYS_TIME or other sensitive capabilities, you have a defense-in-depth layer. However, PSPs are deprecated in Kubernetes 1.25+ in favor of Pod Security Standards, and relying solely on PSPs is not a substitute for patching Fission. Upgrade Fission to 1.25.0 and ensure cluster-level security policies complement application-level controls.

This analysis is provided for informational purposes. Verify all technical details against official Fission release notes, security advisories, and your vendor documentation before taking action. CVSS scores and severity assessments are based on the published vector and should be evaluated in the context of your specific deployment topology and threat model. If you operate a Fission cluster, perform a thorough audit of existing CRDs and RBAC policies to assess your actual exposure. SEC.co does not warrant the accuracy or completeness of this analysis and recommends consulting official security bulletins and independent security reviews. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).