CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5439 vulnerabilities reference this CWE, most recent first.
CVE-2026-53565 (GCVE-0-2026-53565)
Vulnerability from cvelistv5 – Published: 2026-07-14 12:49 – Updated: 2026-07-15 04:00- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| Citrix | Secure Access Client for Windows |
Affected:
0 , < 26.6.1.20
(patch)
|
|
| Citrix | Citrix Endpoint Analysis Client for Windows |
Affected:
0 , < 26. 5.1.7
(patch)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T04:00:59.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access Client for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "26.6.1.20",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Citrix Endpoint Analysis Client for Windows",
"vendor": "Citrix",
"versions": [
{
"lessThan": "26. 5.1.7",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"datePublic": "2026-07-14T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows.\u003cp\u003eThis issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows.\n\nThis issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:49:17.998Z",
"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"shortName": "Citrix"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696734"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"assignerShortName": "Citrix",
"cveId": "CVE-2026-53565",
"datePublished": "2026-07-14T12:49:17.998Z",
"dateReserved": "2026-06-09T18:32:47.375Z",
"dateUpdated": "2026-07-15T04:00:59.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53515 (GCVE-0-2026-53515)
Vulnerability from cvelistv5 – Published: 2026-07-15 17:27 – Updated: 2026-07-15 19:30| URL | Tags |
|---|---|
| https://github.com/better-auth/better-auth/securi… | x_refsource_CONFIRM |
| https://github.com/better-auth/better-auth/pull/9220 | x_refsource_MISC |
| https://github.com/better-auth/better-auth/commit… | x_refsource_MISC |
| https://github.com/better-auth/better-auth/releas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| better-auth | better-auth |
Affected:
>= 1.2.10, < 1.6.11
|
|
| @better-auth | sso |
Affected:
>= 1.2.10, < 1.6.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T19:29:56.598355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T19:30:08.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "better-auth",
"vendor": "better-auth",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.10, \u003c 1.6.11"
}
]
},
{
"product": "sso",
"vendor": "@better-auth",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.10, \u003c 1.6.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Better Auth is an authentication and authorization library for TypeScript. From 1.2.10 until 1.6.11, the @better-auth/sso plugin\u0027s POST /sso/register endpoint lets any organization member attach a new SSO provider to that organization because registerSSOProvider checks only for a membership row and does not require an owner or admin role, allowing attacker-controlled OIDC or SAML providers to drive /sso/callback/{providerId} organization provisioning. This issue is fixed in version 1.6.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T17:27:00.291Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/better-auth/better-auth/security/advisories/GHSA-gv74-j8m3-fg5f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-gv74-j8m3-fg5f"
},
{
"name": "https://github.com/better-auth/better-auth/pull/9220",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/better-auth/better-auth/pull/9220"
},
{
"name": "https://github.com/better-auth/better-auth/commit/86765f1597378f5c3deed1b80ca91faac0a6bf00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/better-auth/better-auth/commit/86765f1597378f5c3deed1b80ca91faac0a6bf00"
},
{
"name": "https://github.com/better-auth/better-auth/releases/tag/v1.6.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/better-auth/better-auth/releases/tag/v1.6.11"
}
],
"source": {
"advisory": "GHSA-gv74-j8m3-fg5f",
"discovery": "UNKNOWN"
},
"title": "Better Auth: Privilege escalation via SSO provider registration: missing admin role check in @better-auth/sso"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53515",
"datePublished": "2026-07-15T17:27:00.291Z",
"dateReserved": "2026-06-09T17:30:33.456Z",
"dateUpdated": "2026-07-15T19:30:08.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53444 (GCVE-0-2026-53444)
Vulnerability from cvelistv5 – Published: 2026-07-15 21:11 – Updated: 2026-07-15 21:11| URL | Tags |
|---|---|
| https://github.com/wekan/wekan/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/wekan/wekan/commit/305864f0c77… | x_refsource_MISC |
| https://github.com/wekan/wekan/releases/tag/v9.32 | x_refsource_MISC |
{
"containers": {
"cna": {
"affected": [
{
"product": "wekan",
"vendor": "wekan",
"versions": [
{
"status": "affected",
"version": "\u003c 9.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan OIDC-related Meteor methods in packages/wekan-oidc/oidc_server.js, server/models/org.js, and server/models/team.js are globally callable without the admin authorization checks used by their non-OIDC counterparts. Authenticated users can call setCreateOrgFromOidc, setOrgAllFieldsFromOidc, setCreateTeamFromOidc, setTeamAllFieldsFromOidc, boardRoutineOnLogin, or groupRoutineOnLogin to create or modify organizations and teams, and groupRoutineOnLogin can grant global admin privileges when PROPAGATE_OIDC_DATA is enabled. This issue is fixed in version 9.32."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T21:11:38.711Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wekan/wekan/security/advisories/GHSA-cv95-8h7c-2ffq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wekan/wekan/security/advisories/GHSA-cv95-8h7c-2ffq"
},
{
"name": "https://github.com/wekan/wekan/commit/305864f0c77456ad0f2c1e616266c8a06749c951",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wekan/wekan/commit/305864f0c77456ad0f2c1e616266c8a06749c951"
},
{
"name": "https://github.com/wekan/wekan/releases/tag/v9.32",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wekan/wekan/releases/tag/v9.32"
}
],
"source": {
"advisory": "GHSA-cv95-8h7c-2ffq",
"discovery": "UNKNOWN"
},
"title": "Wekan: Missing authorization on OIDC Meteor methods allows privilege escalation to admin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53444",
"datePublished": "2026-07-15T21:11:38.711Z",
"dateReserved": "2026-06-09T16:31:21.493Z",
"dateUpdated": "2026-07-15T21:11:38.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52808 (GCVE-0-2026-52808)
Vulnerability from cvelistv5 – Published: 2026-06-24 20:27 – Updated: 2026-06-25 15:35| URL | Tags |
|---|---|
| https://github.com/gogs/gogs/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/pull/8327 | x_refsource_MISC |
| https://github.com/gogs/gogs/commit/6283462119bd8… | x_refsource_MISC |
| https://github.com/gogs/gogs/releases/tag/v0.14.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T15:35:29.502329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T15:35:35.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-268j-37xf-pp52"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints \u2014 PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync \u2014 are gated by reqRepoWriter() rather than reqRepoAdmin(). The equivalent operations in the web UI sit behind reqRepoAdmin, which requires AccessMode \u003e= AccessModeAdmin. A write-level collaborator (who has AccessMode == AccessModeWrite \u003c AccessModeAdmin) can therefore call these API endpoints directly to disable the native issue tracker or wiki, inject attacker-controlled external tracker/wiki URLs that redirect all repository visitors, or trigger mirror sync \u2014 none of which they are authorized to do. This vulnerability is fixed in 0.14.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T20:27:41.410Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-268j-37xf-pp52",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-268j-37xf-pp52"
},
{
"name": "https://github.com/gogs/gogs/pull/8327",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8327"
},
{
"name": "https://github.com/gogs/gogs/commit/6283462119bd8894f1599d70339b5e823f99954a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/6283462119bd8894f1599d70339b5e823f99954a"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.3"
}
],
"source": {
"advisory": "GHSA-268j-37xf-pp52",
"discovery": "UNKNOWN"
},
"title": "Gogs: Write-level collaborators can mutate admin-only repository settings via API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-52808",
"datePublished": "2026-06-24T20:27:41.410Z",
"dateReserved": "2026-06-08T18:02:19.732Z",
"dateUpdated": "2026-06-25T15:35:35.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50570 (GCVE-0-2026-50570)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:34 – Updated: 2026-06-10 18:37| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3465 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.25.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T18:31:08.293816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:37:36.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety / ValidateContainerSafety admission webhook + sanitizeContainerSecurityContext executor merge layer), but the capability check was implemented as a fixed denylist of six Linux capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The denylist omitted CAP_SYS_TIME, among others. As a result, a tenant who could create a Function or Environment CRD could request securityContext.capabilities.add: [\"SYS_TIME\"], pass Fission\u0027s admission validation and merge-layer sanitization, and run attacker-controlled code with CAP_SYS_TIME in the resulting function or runtime container. This issue has been patched in version 1.25.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:34:14.910Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-qf5v-m7p4-95rp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-qf5v-m7p4-95rp"
},
{
"name": "https://github.com/fission/fission/pull/3465",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3465"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.25.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.25.0"
}
],
"source": {
"advisory": "GHSA-qf5v-m7p4-95rp",
"discovery": "UNKNOWN"
},
"title": "Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows tenant-added CAP_SYS_TIME and cross-tenant node wall-clock corruption"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50570",
"datePublished": "2026-06-10T17:34:14.910Z",
"dateReserved": "2026-06-04T21:34:34.427Z",
"dateUpdated": "2026-06-10T18:37:36.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50566 (GCVE-0-2026-50566)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:29 – Updated: 2026-06-12 12:44| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3406 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.24.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T03:55:23.879271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T12:44:18.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor\u0027s high-privilege service account \u2014 enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise. This issue has been patched in version 1.24.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:29:35.349Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-m63v-2g9w-2w6v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-m63v-2g9w-2w6v"
},
{
"name": "https://github.com/fission/fission/pull/3406",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3406"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"source": {
"advisory": "GHSA-m63v-2g9w-2w6v",
"discovery": "UNKNOWN"
},
"title": "Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50566",
"datePublished": "2026-06-10T17:29:35.349Z",
"dateReserved": "2026-06-04T21:34:34.426Z",
"dateUpdated": "2026-06-12T12:44:18.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50565 (GCVE-0-2026-50565)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:28 – Updated: 2026-06-10 18:42| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3390 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.24.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T18:38:05.730903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:42:31.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod \u2014 including the user-supplied builder image. This issue has been patched in version 1.24.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:28:27.457Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-8wcj-mfrc-jx5q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-8wcj-mfrc-jx5q"
},
{
"name": "https://github.com/fission/fission/pull/3390",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3390"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"source": {
"advisory": "GHSA-8wcj-mfrc-jx5q",
"discovery": "UNKNOWN"
},
"title": "Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50565",
"datePublished": "2026-06-10T17:28:27.457Z",
"dateReserved": "2026-06-04T21:34:34.426Z",
"dateUpdated": "2026-06-10T18:42:31.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50564 (GCVE-0-2026-50564)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:27 – Updated: 2026-06-12 03:55| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3391 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.24.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T03:55:21.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission\u0027s Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podspec with no filtering, and Environment.Validate performed no security-relevant checks on these fields. This issue has been patched in version 1.24.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:27:34.232Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7"
},
{
"name": "https://github.com/fission/fission/pull/3391",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3391"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"source": {
"advisory": "GHSA-gx55-f84r-v3r7",
"discovery": "UNKNOWN"
},
"title": "Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50564",
"datePublished": "2026-06-10T17:27:34.232Z",
"dateReserved": "2026-06-04T21:34:34.426Z",
"dateUpdated": "2026-06-12T03:55:21.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50563 (GCVE-0-2026-50563)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:27 – Updated: 2026-06-12 03:55| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3391 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.24.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T03:55:20.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission\u0027s Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user\u0027s container image. This issue has been patched in version 1.24.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:27:18.502Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-v455-mv2v-5g92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-v455-mv2v-5g92"
},
{
"name": "https://github.com/fission/fission/pull/3391",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3391"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"source": {
"advisory": "GHSA-v455-mv2v-5g92",
"discovery": "UNKNOWN"
},
"title": "Fission Container Executor Function PodSpec Injection Leading to Node Escape"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50563",
"datePublished": "2026-06-10T17:27:18.502Z",
"dateReserved": "2026-06-04T21:34:34.426Z",
"dateUpdated": "2026-06-12T03:55:20.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50545 (GCVE-0-2026-50545)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:26 – Updated: 2026-06-12 03:55| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3390 | x_refsource_MISC |
| https://github.com/fission/fission/pull/3391 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.24.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T03:55:19.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. This issue has been patched in version 1.24.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:26:20.647Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-wmgg-3p4h-48x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-wmgg-3p4h-48x7"
},
{
"name": "https://github.com/fission/fission/pull/3390",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3390"
},
{
"name": "https://github.com/fission/fission/pull/3391",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3391"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"source": {
"advisory": "GHSA-wmgg-3p4h-48x7",
"discovery": "UNKNOWN"
},
"title": "Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50545",
"datePublished": "2026-06-10T17:26:20.647Z",
"dateReserved": "2026-06-04T20:37:18.653Z",
"dateUpdated": "2026-06-12T03:55:19.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.