
CVE-2026-49824: Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function…


📋 Vulnerability Details

CVE ID: CVE-2026-49824
Vendor: go
Affected Product: github.com/fission/fission
Vulnerability Type: Vulnerability
CVSS Score: 8.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary

The Fission Function admission webhook (pkg/webhook/function.go) validated that spec.secrets[].namespace and spec.configmaps[].namespace equalled the function's own namespace, but performed no equivalent check on spec.environment.namespace.

Details

An attacker with permission to create Functions in their own namespace could set spec.environment.namespace to any other tenant's namespace. poolmgr and newdeploy would then look up and use the victim's Environment CRD when scheduling function pods, so the attacker's function executed inside the victim's container image. This is useful both for code and credential theft — the victim's runtime image may contain hardcoded secrets — and for confused-deputy attacks where the victim's runtime image is a privileged sidecar.
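As an added illustration of the missing check (example code, not Fission's own), the following minimal Go admission validator shows the pre-fix behaviour beside the corrected one. The `Ref` and `Function` types, the `ValidateFunction*` functions and the rule that an empty reference namespace defaults to the function's namespace are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed stand-ins for the Function fields named in the advisory;
// these are not Fission's own types.
type Ref struct{ Name, Namespace string }

type Function struct {
	Name, Namespace string
	Environment     Ref   // spec.environment
	Secrets         []Ref // spec.secrets[]
	ConfigMaps      []Ref // spec.configmaps[]
}

// Assumption: an empty ref namespace defaults to the function's namespace.
func sameNamespace(r Ref, fnNS string) bool {
	return r.Namespace == "" || r.Namespace == fnNS
}

// validateRefs requires every referenced object to live in the function's
// own namespace. With checkEnv=false it reproduces the pre-fix gap: secrets
// and configmaps are checked, spec.environment.namespace is not.
func validateRefs(fn Function, checkEnv bool) error {
	var msgs []string
	reject := func(kind string, r Ref) {
		msgs = append(msgs, fmt.Sprintf("%s %q is in %q, function is in %q", kind, r.Name, r.Namespace, fn.Namespace))
	}
	for _, s := range fn.Secrets {
		if !sameNamespace(s, fn.Namespace) {
			reject("secret", s)
		}
	}
	for _, c := range fn.ConfigMaps {
		if !sameNamespace(c, fn.Namespace) {
			reject("configmap", c)
		}
	}
	if checkEnv && !sameNamespace(fn.Environment, fn.Namespace) {
		reject("environment", fn.Environment)
	}
	if len(msgs) == 0 {
		return nil // admitted
	}
	return errors.New(strings.Join(msgs, "; "))
}

// ValidateFunctionVulnerable is the admission check as described before the fix.
func ValidateFunctionVulnerable(fn Function) error { return validateRefs(fn, false) }

// ValidateFunctionFixed is the same check with spec.environment.namespace covered.
func ValidateFunctionFixed(fn Function) error { return validateRefs(fn, true) }

func main() {
	// Constructed sample: a tenant-a Function referencing tenant-b's Environment.
	fn := Function{Name: "hello", Namespace: "tenant-a",
		Environment: Ref{Name: "python", Namespace: "tenant-b"}}
	fmt.Println("vulnerable:", ValidateFunctionVulnerable(fn)) // <nil>: admitted
	fmt.Println("fixed:", ValidateFunctionFixed(fn))           // rejected with a reason
}
```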
