GHSA-GX55-F84R-V3R7
Vulnerability from github – Published: 2026-06-30 18:19 – Updated: 2026-06-30 18:19Summary
Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container
privileged, and serviceAccountName from the user-supplied podspec with no filtering, and Environment.Validate performed no security-relevant checks on these fields.
Details
A namespace user with create/update on environments.fission.io could produce privileged, host-network, hostPID pods in the Fission function or builder namespace. Because the Helm chart created the fission-function and
fission-builder namespaces with no pod-security.kubernetes.io/enforce labels, Kubernetes Pod Security Admission did not catch the escape either.
From a host-network privileged pod with hostPID, the attacker could nsenter into the host, read cloud-metadata credentials, access the container-runtime socket, pivot to other namespaces, and fully compromise the node.
Impact
environments.fission.io create/update RBAC is escalated to node compromise — host filesystem and network access on the scheduling node, and from there potential cluster-wide takeover.
Fix
Fixed in #3391 and released in v1.24.0. Denylist at admission (the primary defence) plus belt-and-braces at the merge layer.
Admission denylist (pkg/apis/core/v1/podspec_safety.go::ValidatePodSpecSafety), called from Environment.Validate for both Runtime.PodSpec and Builder.PodSpec:
- pod-level:
HostNetwork,HostPID,HostIPC,ServiceAccountName/DeprecatedServiceAccountoverride, hostPath volumes; - per-container:
SecurityContext.Privileged=true,SecurityContext.AllowPrivilegeEscalation=true, dangerous capabilities (SYS_ADMIN,NET_ADMIN,SYS_PTRACE,SYS_MODULE,DAC_READ_SEARCH,DAC_OVERRIDE).
Update-bypass closed: the Environment validating-webhook marker is extended from verbs=create to verbs=create;update (chart and envtest manifests aligned).
Merge-layer belt-and-braces (pkg/executor/util/merge.go): even if admission is bypassed (failurePolicy=Ignore or stale pre-webhook objects), the denylisted pod-level fields are stripped and per-container dangerous settings are
sanitized before the merge (with SecurityContext deep-copied first so cached informer objects are not mutated). Legitimate operator hardening via the chart's pod-level securityContext (fsGroup, runAsNonRoot, runAsUser) still flows
through.
Behavioural change
Environments that explicitly set any denylisted field are now rejected at admission. There is no legitimate Fission use case — these primitives exist for cluster operators, not Environment authors.
This is the same root cause and fix as GHSA-wmgg-3p4h-48x7.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.23.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/fission/fission"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50564"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-284",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-30T18:19:32Z",
"nvd_published_at": "2026-06-10T18:17:12Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nFission\u0027s `Environment` CRD exposes `spec.runtime.podSpec` and `spec.builder.podSpec`, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated `hostNetwork`, `hostPID`, `hostIPC`, container\n `privileged`, and `serviceAccountName` from the user-supplied podspec with no filtering, and `Environment.Validate` performed no security-relevant checks on these fields.\n\n### Details\n\nA namespace user with `create`/`update` on `environments.fission.io` could produce privileged, host-network, hostPID pods in the Fission function or builder namespace. Because the Helm chart created the `fission-function` and\n`fission-builder` namespaces with no `pod-security.kubernetes.io/enforce` labels, Kubernetes Pod Security Admission did not catch the escape either.\n\nFrom a host-network privileged pod with hostPID, the attacker could `nsenter` into the host, read cloud-metadata credentials, access the container-runtime socket, pivot to other namespaces, and fully compromise the node.\n\n### Impact\n\n`environments.fission.io` create/update RBAC is escalated to node compromise \u2014 host filesystem and network access on the scheduling node, and from there potential cluster-wide takeover.\n\n### Fix\n\nFixed in [#3391](https://github.com/fission/fission/pull/3391) and released in [v1.24.0](https://github.com/fission/fission/releases/tag/v1.24.0). Denylist at admission (the primary defence) plus belt-and-braces at the merge layer.\n\n**Admission denylist** (`pkg/apis/core/v1/podspec_safety.go::ValidatePodSpecSafety`), called from `Environment.Validate` for both `Runtime.PodSpec` and `Builder.PodSpec`:\n\n- pod-level: `HostNetwork`, `HostPID`, `HostIPC`, `ServiceAccountName` / `DeprecatedServiceAccount` override, hostPath volumes;\n- per-container: `SecurityContext.Privileged=true`, `SecurityContext.AllowPrivilegeEscalation=true`, dangerous capabilities (`SYS_ADMIN`, `NET_ADMIN`, `SYS_PTRACE`, `SYS_MODULE`, `DAC_READ_SEARCH`, `DAC_OVERRIDE`).\n\n**Update-bypass closed:** the `Environment` validating-webhook marker is extended from `verbs=create` to `verbs=create;update` (chart and envtest manifests aligned).\n\n**Merge-layer belt-and-braces** (`pkg/executor/util/merge.go`): even if admission is bypassed (`failurePolicy=Ignore` or stale pre-webhook objects), the denylisted pod-level fields are stripped and per-container dangerous settings are\nsanitized before the merge (with `SecurityContext` deep-copied first so cached informer objects are not mutated). Legitimate operator hardening via the chart\u0027s pod-level `securityContext` (fsGroup, runAsNonRoot, runAsUser) still flows\nthrough.\n\n### Behavioural change\n\nEnvironments that explicitly set any denylisted field are now rejected at admission. There is no legitimate Fission use case \u2014 these primitives exist for cluster operators, not Environment authors.\n\nThis is the same root cause and fix as GHSA-wmgg-3p4h-48x7.",
"id": "GHSA-gx55-f84r-v3r7",
"modified": "2026-06-30T18:19:32Z",
"published": "2026-06-30T18:19:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50564"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/pull/3391"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/commit/e484df8460bb4e8026e24210120602aa7f181f64"
},
{
"type": "PACKAGE",
"url": "https://github.com/fission/fission"
},
{
"type": "WEB",
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.