Fission, SecurityContext Bypass via Standalone Container Field, CVE-2026-50566 (Critical) -DC-Jun2026-748


How CVE-2026-50566 Works

Fission is a Kubernetes-native serverless framework. Prior to version 1.24.0, a critical vulnerability existed in the Environment Custom Resource Definition (CRD). Previous security advisories (GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92) had added validation and sanitization for the `PodSpec` fields within an Environment, such as `spec.runtime.podSpec` and `spec.builder.podSpec`.
However, the Environment CRD also exposes `spec.runtime.container` and `spec.builder.container`. These are standalone `Container` specifications that are merged into the runtime or builder pod. The security context of these standalone containers bypassed the existing security layers entirely.

The vulnerability stems from two distinct gaps:

  1. Admission-layer gap: The `Environment.Validate()` function only calls `ValidatePodSpecSafety()` on `Runtime.PodSpec` and `Builder.PodSpec`. This function takes a `PodSpec` as an argument and never inspects the standalone `Runtime.Container.SecurityContext` or `Builder.Container.SecurityContext`.
  2. Merge-layer gap: The `sanitizeContainerSecurityContext()` function was only invoked inside `MergePodSpec()`. The container field is merged via `MergeContainer()`, which did not perform any sanitization. If only `Runtime.Container` is set and `Runtime.PodSpec` is nil, `MergePodSpec()` is never called, and the sanitizer never runs. The affected merge sites are `poolmgr` (gp_deployment.go), `newdeploy` (newdeploy.go), and `buildermgr` (envwatcher.go).

As a result, a tenant with `environments.fission.io` create/update RBAC can create an Environment with a malicious `SecurityContext` in the standalone container. This allows the deployment of privileged containers, containers with `allowPrivilegeEscalation: true`, or containers with dangerous Linux capabilities such as `SYS_ADMIN`, `NET_ADMIN`, and `SYS_PTRACE`.

These containers are scheduled under the executor’s high-privilege service account, enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise.

The fix was implemented in pull request 3406 and released in version 1.24.0. The primary defense is a new `ValidateContainerSafety` function in `pkg/apis/core/v1/podspec_safety.go` that applies the per-container `SecurityContext` denylist to standalone containers. As a defense-in-depth measure, `sanitizeContainerSecurityContext()` is now invoked inside `MergeContainer()` itself, so the merge path strips dangerous settings even if validation is bypassed.

DailyCVE Form

Platform: Fission
Version: < 1.24.0
Vulnerability: SecurityContext Bypass
Severity: Critical (CVSS 9.9)
Date: 2026-06-10

Prediction: Patch expected 2026-05

What Undercode Says

Analytics on the CVE-2026-50566 vulnerability:

```bash
# Check the running Fission version (image tag of the controller's first container)
kubectl get deploy -n fission fission-controller -o jsonpath='{.spec.template.spec.containers[0].image}'

# List Environments to identify potentially vulnerable CRDs
kubectl get environments -A -o yaml | grep -A 5 "securityContext"

# Search for pods with privileged containers in the Fission function namespace
kubectl get pods -n fission-function -o json | jq '.items[] | select(.spec.containers[]?.securityContext?.privileged == true)'
```
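The grep above only shows that a `securityContext` exists somewhere in an Environment; it does not tell you whether it sits in the unvalidated standalone `container` field or what it sets. The following Go program is an added example (not Fission's own code and not from the advisory): it models the per-container denylist that the `ValidateContainerSafety` fix described above applies to `spec.runtime.container` and `spec.builder.container`, and runs that check as an audit over the JSON that `kubectl get environments -A -o json` prints. The struct types are simplified stand-ins for the Environment CRD fields that matter here, and the capability denylist is assumed from the capabilities the advisory names; the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Simplified stand-ins (assumption) for the Environment CRD fields relevant
// to this issue; they are not Fission's own Go types.
type Capabilities struct {
	Add []string `json:"add,omitempty"`
}

type SecurityContext struct {
	Privileged               *bool         `json:"privileged,omitempty"`
	AllowPrivilegeEscalation *bool         `json:"allowPrivilegeEscalation,omitempty"`
	Capabilities             *Capabilities `json:"capabilities,omitempty"`
}

type Container struct {
	Name            string           `json:"name"`
	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
}

// EnvSide covers both spec.runtime and spec.builder; other fields (image,
// podSpec, ...) are ignored by the decoder.
type EnvSide struct {
	Container *Container `json:"container,omitempty"`
}

type Environment struct {
	Metadata struct {
		Name      string `json:"name"`
		Namespace string `json:"namespace"`
	} `json:"metadata"`
	Spec struct {
		Runtime *EnvSide `json:"runtime,omitempty"`
		Builder *EnvSide `json:"builder,omitempty"`
	} `json:"spec"`
}

type EnvironmentList struct {
	Items []Environment `json:"items"`
}

// dangerousCaps is the capability denylist used by this example (assumption,
// seeded with the capabilities named in the advisory plus ALL).
var dangerousCaps = map[string]bool{"SYS_ADMIN": true, "NET_ADMIN": true, "SYS_PTRACE": true, "ALL": true}

// ValidateContainerSafety applies the per-container denylist to a standalone
// container and returns every violation found; an empty result means safe.
func ValidateContainerSafety(c *Container) []string {
	var violations []string
	if c == nil || c.SecurityContext == nil {
		return violations
	}
	sc := c.SecurityContext
	if sc.Privileged != nil && *sc.Privileged {
		violations = append(violations, "privileged=true")
	}
	if sc.AllowPrivilegeEscalation != nil && *sc.AllowPrivilegeEscalation {
		violations = append(violations, "allowPrivilegeEscalation=true")
	}
	if sc.Capabilities != nil {
		for _, name := range sc.Capabilities.Add {
			if dangerousCaps[name] {
				violations = append(violations, "capabilities.add="+name)
			}
		}
	}
	return violations
}

// AuditEnvironments parses `kubectl get environments -A -o json` output and
// returns one finding per dangerous setting in a standalone container.
func AuditEnvironments(raw []byte) ([]string, error) {
	var list EnvironmentList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	var findings []string
	for _, env := range list.Items {
		sides := map[string]*EnvSide{"runtime": env.Spec.Runtime, "builder": env.Spec.Builder}
		for _, side := range []string{"runtime", "builder"} { // fixed order for stable output
			if sides[side] == nil {
				continue
			}
			for _, v := range ValidateContainerSafety(sides[side].Container) {
				findings = append(findings, fmt.Sprintf("%s/%s spec.%s.container: %s",
					env.Metadata.Namespace, env.Metadata.Name, side, v))
			}
		}
	}
	return findings, nil
}

// sampleList is constructed input in the shape kubectl prints: one Environment
// like the advisory's example, one with builder capabilities, one clean.
const sampleList = `{"items":[
 {"metadata":{"name":"priv-escape-test","namespace":"default"},
  "spec":{"runtime":{"image":"ghcr.io/fission/python-env:latest",
   "container":{"name":"priv-escape-test","securityContext":{"privileged":true}}}}},
 {"metadata":{"name":"builder-caps","namespace":"team-a"},
  "spec":{"builder":{"container":{"name":"b","securityContext":{"capabilities":{"add":["NET_ADMIN","SYS_PTRACE"]}}}}}},
 {"metadata":{"name":"clean","namespace":"team-b"},
  "spec":{"runtime":{"container":{"name":"c","securityContext":{"allowPrivilegeEscalation":false}}}}}
]}`

func main() {
	findings, err := AuditEnvironments([]byte(sampleList))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

To run it against a live cluster, pipe `kubectl get environments -A -o json` into the program in place of `sampleList`; any finding names an Environment whose standalone container would have reached the merge path unsanitized on a pre-1.24.0 install.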

Exploit

A malicious tenant can exploit this vulnerability by creating an Environment with a standalone container that has a dangerous SecurityContext:

```yaml
apiVersion: fission.io/v1
kind: Environment
metadata:
  name: priv-escape-test
  namespace: default
spec:
  version: 3
  runtime:
    image: "ghcr.io/fission/python-env:latest"
    container:
      name: priv-escape-test
      securityContext:
        privileged: true
  poolsize: 1
```

The admission webhook accepts this Environment, and the resulting pool pod runs with `privileged: true`. Equivalent bypasses include setting `allowPrivilegeEscalation: true` or adding dangerous capabilities such as `["SYS_ADMIN"]` or `["NET_ADMIN","SYS_PTRACE"]`. The same attack applies to `Builder.Container`.

Protection

  • Upgrade: Upgrade Fission to version 1.24.0 or newer, which includes the fix.
  • RBAC Restriction: Restrict `environments.fission.io` create/update RBAC to trusted administrators only.
  • Policy Enforcement: Deploy a Kyverno or OPA Gatekeeper policy to reject dangerous `Container SecurityContext` on Environment CRDs.
  • Pod Security Standards: Label the function and builder namespaces with `pod-security.kubernetes.io/enforce: restricted`.
  • Runtime Security: Enforce restrictive runtime security policies, such as setting `allowPrivilegeEscalation` to false and limiting capabilities.

Impact

A tenant with `environments.fission.io` create/update RBAC can run privileged containers, containers with `allowPrivilegeEscalation: true`, or containers with dangerous capabilities in the Fission function or builder namespace. These containers are scheduled under the executor’s high-privilege service account, enabling:
– Container-sandbox escape
– Host filesystem and network access
– Potential node- and cluster-level compromise
The blast radius is identical to previous PodSpec injection vulnerabilities (GHSA-gx55-f84r-v3r7).


Sources:

Reported By: github.com