CVE-2026-49821

high

Description

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. This issue has been patched in version 1.24.0.

References

https://github.com/fission/fission/security/advisories/GHSA-vjhc-cf4p-72q4

https://github.com/fission/fission/releases/tag/v1.24.0

https://github.com/fission/fission/pull/3379

Details

Source: Mitre, NVD

Published: 2026-06-10

Updated: 2026-06-10

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00027