PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-50566 fission CVE debrief

CVE-2026-50566 is a critical vulnerability in Fission, a Kubernetes-native serverless framework. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor's high-privilege service account. This enables container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise.

Vendor: fission
Product: Unknown
CVSS: CRITICAL 9.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-12
Advisory published: 2026-06-10
Advisory updated: 2026-06-12

Who should care

Operators of Fission, a Kubernetes-native serverless framework, running a version prior to 1.24.0 should treat this vulnerability as critical. Exposure is specific to clusters where tenants are granted create/update RBAC on environments.fission.io.

Technical summary

The vulnerability has a CVSS score of 9.9 and is classified as CRITICAL. It was published on 2026-06-10 and modified on 2026-06-12. The vulnerability is associated with CWE-250 (Execution with Unnecessary Privileges) and CWE-269 (Improper Privilege Management).

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to Fission version 1.24.0 or later.
  • Review and restrict environments.fission.io create/update RBAC permissions.
  • Monitor Fission function and builder namespaces for suspicious activity.
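One way to act on the monitoring item above is to audit pod specs in the Fission namespaces for the three settings the advisory names. This is an added example, not PatchSiren or Fission project code; the namespace names, the list of capabilities treated as dangerous, and the sample pods are assumptions made for illustration.

```python
# Assumptions (not from the advisory): the namespace names below and this
# particular set of capabilities treated as dangerous.
FISSION_NAMESPACES = {"fission-function", "fission-builder"}
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE",
                  "NET_ADMIN", "NET_RAW", "DAC_READ_SEARCH"}

def audit_pods(pod_list, namespaces=FISSION_NAMESPACES):
    """Return (namespace, pod, container, reason) for each risky setting.

    pod_list is a dict in the shape of `kubectl get pods -A -o json` output.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ns = meta.get("namespace", "default")
        if ns not in namespaces:
            continue
        for key in ("containers", "initContainers", "ephemeralContainers"):
            for c in spec.get(key) or []:
                sc = c.get("securityContext") or {}
                reasons = []
                if sc.get("privileged") is True:
                    reasons.append("privileged")
                # Only an explicit true is reported; an unset field is skipped.
                if sc.get("allowPrivilegeEscalation") is True:
                    reasons.append("allowPrivilegeEscalation")
                added = (sc.get("capabilities") or {}).get("add") or []
                caps = {a.upper().removeprefix("CAP_") for a in added}
                reasons += [f"capability:{x}" for x in sorted(caps & DANGEROUS_CAPS)]
                findings += [(ns, meta.get("name"), c.get("name"), r) for r in reasons]
    return findings

def _pod(ns, name, container, sc):
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"containers": [{"name": container, "securityContext": sc}]}}

# Constructed sample pods (names are made up for this example).
SAMPLE = {"items": [
    _pod("fission-function", "env-a-pod", "fn",
         {"privileged": True, "capabilities": {"add": ["SYS_ADMIN", "CHOWN"]}}),
    _pod("fission-builder", "env-b-pod", "builder", {"allowPrivilegeEscalation": True}),
    _pod("fission-function", "env-c-pod", "fn", {"allowPrivilegeEscalation": False}),
    _pod("kube-system", "cni-pod", "cni", {"privileged": True}),  # out of scope
]}

if __name__ == "__main__":
    for finding in audit_pods(SAMPLE):
        print(*finding, sep="\t")
```

Against a live cluster, parse the JSON from `kubectl get pods -A -o json` and pass the resulting dict to `audit_pods` in place of `SAMPLE`.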

Evidence notes

Evidence for this CVE can be found at [resourceLinkAnnotations].

Official resources

CVE-2026-50566 was published on 2026-06-10T18:17:13.040Z and modified on 2026-06-12T14:16:32.790Z.