GHSA-V455-MV2V-5G92
Vulnerability from github – Published: 2026-06-30 18:18 – Updated: 2026-06-30 18:18
Summary
Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image.
Details
Two flaws compounded:
1. pkg/apis/core/v1/validation.go::FunctionSpec.Validate only checked that spec.PodSpec != nil when executorType: container; it did not inspect the content of spec.PodSpec.
2. pkg/executor/util/merge.go::MergePodSpec unconditionally forwarded hostPID, hostNetwork, hostIPC, hostPath volumes, serviceAccountName, and container privileged into the Deployment spec via the container-executor sink (pkg/executor/executortype/container/deployment.go::getDeploymentSpec).
A tenant with only functions.fission.io/create could deploy a Function with a crafted podspec that mounted the host root filesystem and shared host namespaces. The executor — running under its high-privilege SA, which holds deployments/create on the function namespace — created that Deployment on the tenant's behalf, turning Function-create into effective deployments/create with arbitrary pod-security configuration.
This is the Function-CRD sibling of GHSA-gx55-f84r-v3r7 / GHSA-wmgg-3p4h-48x7, with a lower attack threshold: regular function developers typically hold functions/create but not environments/create.
Impact
A tenant with only functions.fission.io/create is escalated to node escape via a privileged, host-namespace pod scheduled by the executor.
Fix
Fixed in #3391 and released in v1.24.0.
- FunctionSpec.Validate now calls ValidatePodSpecSafety("Function.spec.podspec", spec.PodSpec) after the existing spec.PodSpec == nil check.
- The Function validating webhook is already registered on verbs=create;update, so it picks up the new validation with no marker change.
- The same merge-layer strip and per-container sanitize used for the Environment path applies here, since the container-executor sink calls util.MergePodSpec.
See GHSA-gx55-f84r-v3r7 for the detailed fix.
Behavioural change
Functions whose spec.podspec sets host namespaces, hostPath volumes, container privileged/allowPrivilegeEscalation, dangerous Linux capabilities, or a serviceAccountName override are now rejected at admission. Legitimate container-executor functions that set image, command, args, env, resources, nodeSelector, tolerations, affinity, non-hostPath volumes, or volumeMounts are unaffected.
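As an added illustration of the admission-time check the fix and behavioural change describe (example code, not Fission's own implementation): a validator that collects every unsafe podspec field and accepts the legitimate ones. The struct types are simplified stand-ins for corev1.PodSpec, the capability deny-list is assumed, and the function name follows the advisory's ValidatePodSpecSafety.

```go
package main
// Simplified stand-ins for the corev1.PodSpec fields named in the advisory (assumed shapes, not Fission's or Kubernetes' own types; corev1's *bool fields are plain bools here).
type Container struct {
	Name                                 string
	Privileged, AllowPrivilegeEscalation bool
	AddCapabilities                      []string
}
type Volume struct{ Name, HostPath string } // non-empty HostPath marks a hostPath volume
type PodSpec struct {
	HostPID, HostNetwork, HostIPC bool
	ServiceAccountName            string
	Volumes                       []Volume
	Containers                    []Container
}
type check struct{ set bool; name string }
// Capabilities this checker refuses (an assumed list, not the project's own).
var dangerousCaps = map[string]bool{"ALL": true, "SYS_ADMIN": true, "SYS_PTRACE": true, "SYS_MODULE": true, "NET_ADMIN": true}

// ValidatePodSpecSafety collects every unsafe field so the admission response can name
// them all; empty means accepted. The caller keeps the existing spec.PodSpec == nil check.
func ValidatePodSpecSafety(path string, spec *PodSpec) []string {
	var errs []string
	deny := func(field, why string) { errs = append(errs, path+"."+field+": "+why) }
	for _, f := range []check{{spec.HostPID, "hostPID"}, {spec.HostNetwork, "hostNetwork"},
		{spec.HostIPC, "hostIPC"}, {spec.ServiceAccountName != "", "serviceAccountName"}} {
		if f.set {
			deny(f.name, "must not be set by a Function")
		}
	}
	for _, v := range spec.Volumes {
		if v.HostPath != "" {
			deny("volumes["+v.Name+"]", "hostPath volumes are not allowed")
		}
	}
	for _, c := range spec.Containers {
		sc := "containers[" + c.Name + "].securityContext."
		for _, f := range []check{{c.Privileged, "privileged"}, {c.AllowPrivilegeEscalation, "allowPrivilegeEscalation"}} {
			if f.set {
				deny(sc+f.name, "must be false")
			}
		}
		for _, capName := range c.AddCapabilities {
			if dangerousCaps[capName] {
				deny(sc+"capabilities.add", capName+" is not allowed")
			}
		}
	}
	return errs
}
```

Wiring it after the existing nil check means a webhook registered on create and update rejects the podspec before the executor ever calls MergePodSpec.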
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.23.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/fission/fission"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50563"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-284"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-30T18:18:42Z",
"nvd_published_at": "2026-06-10T18:17:12Z",
"severity": "CRITICAL"
},
"id": "GHSA-v455-mv2v-5g92",
"modified": "2026-06-30T18:18:42Z",
"published": "2026-06-30T18:18:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fission/fission/security/advisories/GHSA-v455-mv2v-5g92"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50563"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/pull/3391"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/commit/e484df8460bb4e8026e24210120602aa7f181f64"
},
{
"type": "PACKAGE",
"url": "https://github.com/fission/fission"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Fission Container Executor Function PodSpec Injection Leading to Node Escape"
}