CVE-2026-46618 Overview
CVE-2026-46618 is a command injection vulnerability in Fission, an open-source Kubernetes-native serverless framework. The flaw is in pkg/builder/builder.go, which split Environment.spec.builder.command on whitespace with strings.Fields and passed the tokens straight to exec.Command(...), with no validation of the executable path or its arguments. A user permitted to create or update Environment custom resources (instances of the Environment CRD) in a namespace watched by the buildermgr could therefore point the builder pod at any executable inside the builder image and run arbitrary code in the builder pod's context. The issue was patched in Fission version 1.23.0.
Critical Impact
Authenticated users with write access to Environment objects can execute arbitrary commands inside builder pods, enabling lateral movement within Kubernetes clusters running Fission [CWE-78].
Affected Products
- Fission serverless framework versions prior to 1.23.0
- Kubernetes clusters running the Fission buildermgr component
- Environments using Fission builder pods for function builds
Discovery Timeline
- 2026-06-10 - CVE-2026-46618 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-46618
Vulnerability Analysis
Fission lets users define Environment custom resources that specify how function source is built into a runnable artifact. Each Environment may carry a builder specification with a command field that the buildermgr invokes inside a builder pod. Before version 1.23.0, the builder code path took this user-controlled string, tokenized it on whitespace with strings.Fields, and passed the tokens directly to Go's exec.Command.
No allowlist, path validation, or argument filtering existed: whatever the user supplied became the executable and its arguments. An attacker with namespace-level permission to manage Environment resources could substitute /bin/sh -c '<payload>', or any other binary present in the container image, for the intended builder binary. Because strings.Fields does not honor shell quoting, a quoted multi-word payload is split into separate tokens, but a whitespace-free command line or a script already present in the image runs unchanged. Execution occurred under the builder pod's ServiceAccount, exposing mounted secrets, in-cluster API access, and adjacent workloads.
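To make the vulnerable pattern and its fix concrete, here is an added Go example. It is not Fission's code: the allowedBuilders allowlist, the ErrRejected error and the function names are this example's own assumptions. vulnerableArgv reproduces the strings.Fields-then-exec.Command flow described above, and hardenedArgv shows the checks a validating path needs before argv ever reaches exec.Command.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"strings"
)

// vulnerableArgv mirrors the pre-1.23.0 pattern: the Environment.spec.builder.command
// string is split on whitespace and used verbatim as argv, so argv[0] is whatever
// program the Environment author chose. strings.Fields does not honour shell quoting,
// so a quoted payload is still broken into separate tokens.
func vulnerableArgv(command string) []string {
	return strings.Fields(command)
}

// allowedBuilders is a hypothetical operator-chosen allowlist of bare program names
// (an assumption of this example, not Fission's actual remediation).
var allowedBuilders = map[string]bool{"build": true}

// ErrRejected is returned for any command the hardened path refuses to run.
var ErrRejected = errors.New("builder command rejected")

// hardenedArgv enforces what the vulnerable path lacked: a non-empty command, an
// allowlisted program name with no path component (so /bin/sh, ../sh or /usr/bin/env
// cannot be substituted), and no argument that hands control to a shell (-c) or
// carries shell metacharacters.
func hardenedArgv(command string) ([]string, error) {
	argv := strings.Fields(command)
	if len(argv) == 0 {
		return nil, fmt.Errorf("%w: empty command", ErrRejected)
	}
	prog := argv[0]
	if strings.ContainsAny(prog, "/\\") || !allowedBuilders[prog] {
		return nil, fmt.Errorf("%w: %q is not an approved builder", ErrRejected, prog)
	}
	for _, a := range argv[1:] {
		if a == "-c" || strings.ContainsAny(a, ";|&$`<>") {
			return nil, fmt.Errorf("%w: suspicious argument %q", ErrRejected, a)
		}
	}
	return argv, nil
}

// buildCommand is the exec.Command call site; it only receives argv that hardenedArgv
// has accepted. A bare program name is resolved through PATH inside the builder image,
// which is acceptable once the name itself is allowlisted.
func buildCommand(command string) (*exec.Cmd, error) {
	argv, err := hardenedArgv(command)
	if err != nil {
		return nil, err
	}
	return exec.Command(argv[0], argv[1:]...), nil
}

func main() {
	// Constructed inputs: the default builder command, a legitimate variant, and an
	// attacker-controlled shell substitution of the kind the advisory describes.
	for _, c := range []string{"build", "build --verbose", "/bin/sh -c id"} {
		fmt.Printf("vulnerable argv: %q\n", vulnerableArgv(c))
		if argv, err := hardenedArgv(c); err != nil {
			fmt.Println("hardened:       ", err)
		} else {
			fmt.Printf("hardened argv:   %q\n", argv)
		}
	}
}
```

The allowlist is deliberately on bare names rather than absolute paths: pinning the program to what the builder image ships under its name, and refusing anything with a path separator, closes both the /bin/sh substitution and relative-path tricks in one check.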
Root Cause
The root cause is missing input validation on the Environment.spec.builder.command field [CWE-78: Improper Neutralization of Special Elements used in an OS Command]. The Fission control plane treated custom resource content as trusted configuration rather than as untrusted input that crosses a security boundary into process execution.
Attack Vector
The attack requires Kubernetes API access sufficient to create or modify Environment objects in a namespace that the buildermgr reconciles. The attacker submits an Environment manifest specifying an arbitrary command string. When buildermgr schedules the builder pod and invokes the command, the supplied payload runs with the privileges of the builder pod, including any mounted ServiceAccount token.
The vulnerability mechanism is documented in the Fission Security Advisory GHSA-7pjr-qpvh-m339 and the corresponding remediation pull request.
Detection Methods for CVE-2026-46618
Indicators of Compromise
- Environment objects whose builder.command references a shell such as /bin/sh or /bin/bash, or carries a -c flag
- Unexpected process trees originating from builder pods, particularly shell processes spawning network utilities
- Builder pod logs showing command output unrelated to legitimate function build steps
- Outbound network connections from builder pods to attacker-controlled infrastructure
Detection Strategies
- Audit Kubernetes API server logs for create, update, and patch verbs on environments.fission.io resources and review spec.builder.command in the recorded request or response object (the object body is only present at the RequestResponse audit level; Metadata-level logs record the verb and object reference but not the field values)
- Inspect running builder pods for processes that do not match the expected builder binary defined by the environment image
- Correlate ServiceAccount token usage from builder pods against expected build-time API calls
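As an added example that is not part of Fission or of this advisory, the following Go program applies the audit-log strategy above to constructed audit.k8s.io/v1 events. The events, namespaces and user names are made up for illustration; the field names (verb, user, objectRef, requestObject, responseObject) follow the real audit event schema. Audit verbs are lowercase, and the object body is only present at the RequestResponse level, which the program accounts for.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// envObject is the slice of a Fission Environment this check needs.
type envObject struct {
	Spec struct {
		Builder struct {
			Command string `json:"command"`
		} `json:"builder"`
	} `json:"spec"`
}

// auditEvent holds the audit.k8s.io/v1 Event fields used here. requestObject and
// responseObject exist only at the RequestResponse level; for a patch, requestObject
// is the patch body, so the merged responseObject is preferred when present.
type auditEvent struct {
	Verb string `json:"verb"`
	User struct {
		Username string `json:"username"`
	} `json:"user"`
	ObjectRef struct {
		Resource  string `json:"resource"`
		APIGroup  string `json:"apiGroup"`
		Namespace string `json:"namespace"`
		Name      string `json:"name"`
	} `json:"objectRef"`
	RequestObject  *envObject `json:"requestObject"`
	ResponseObject *envObject `json:"responseObject"`
}

type finding struct {
	Namespace, Name, User, Verb, Command, Reason string
}

// shellBinary matches a shell interpreter given as a bare name or a path.
var shellBinary = regexp.MustCompile(`(^|/)(sh|bash|dash|ash|zsh|busybox)$`)

// suspiciousCommand applies the indicators of compromise listed above to one command.
func suspiciousCommand(cmd string) (bool, string) {
	fields := strings.Fields(cmd)
	if len(fields) == 0 {
		return false, ""
	}
	if shellBinary.MatchString(fields[0]) {
		return true, "shell interpreter as builder"
	}
	for _, a := range fields[1:] {
		if a == "-c" {
			return true, "-c flag"
		}
	}
	if strings.ContainsAny(cmd, ";|&$`") {
		return true, "shell metacharacters"
	}
	return false, ""
}

// scanAuditLog reads newline-delimited audit events (the API server log backend format)
// and returns one finding per create/update/patch of an environments.fission.io object
// whose builder.command looks suspicious.
func scanAuditLog(ndjson string) ([]finding, error) {
	var out []finding
	for _, line := range strings.Split(strings.TrimSpace(ndjson), "\n") {
		var ev auditEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("bad audit line: %w", err)
		}
		if ev.ObjectRef.APIGroup != "fission.io" || ev.ObjectRef.Resource != "environments" {
			continue
		}
		if ev.Verb != "create" && ev.Verb != "update" && ev.Verb != "patch" {
			continue
		}
		obj := ev.ResponseObject
		if obj == nil {
			obj = ev.RequestObject
		}
		if obj == nil {
			continue // Metadata-level event: no body to inspect
		}
		if bad, why := suspiciousCommand(obj.Spec.Builder.Command); bad {
			out = append(out, finding{ev.ObjectRef.Namespace, ev.ObjectRef.Name, ev.User.Username, ev.Verb, obj.Spec.Builder.Command, why})
		}
	}
	return out, nil
}

// sampleAuditLog is constructed for this example; it is not a real capture.
const sampleAuditLog = `{"verb":"create","user":{"username":"ci-deployer"},"objectRef":{"resource":"environments","apiGroup":"fission.io","namespace":"team-a","name":"python"},"requestObject":{"spec":{"builder":{"command":"build"}}}}
{"verb":"update","user":{"username":"dev@example.com"},"objectRef":{"resource":"environments","apiGroup":"fission.io","namespace":"team-a","name":"python"},"requestObject":{"spec":{"builder":{"command":"/bin/sh -c id"}}},"responseObject":{"spec":{"builder":{"command":"/bin/sh -c id"}}}}
{"verb":"create","user":{"username":"system:serviceaccount:kube-system:deployment-controller"},"objectRef":{"resource":"pods","apiGroup":"","namespace":"team-a","name":"worker"}}
{"verb":"patch","user":{"username":"dev@example.com"},"objectRef":{"resource":"environments","apiGroup":"fission.io","namespace":"team-b","name":"go"},"responseObject":{"spec":{"builder":{"command":"build -c id"}}}}`

func main() {
	findings, err := scanAuditLog(sampleAuditLog)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s/%s %s by %s: %q (%s)\n", f.Namespace, f.Name, f.Verb, f.User, f.Command, f.Reason)
	}
}
```

Pair the finding with the identity that made the change (the user field) when triaging: a suspicious command written by an identity outside the expected developer or CI/CD set is a much stronger signal than one pushed by the normal deployment pipeline.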
Monitoring Recommendations
- Enable Kubernetes audit logging at the RequestResponse level for Fission CRD resources and forward events to a centralized analytics platform
- Monitor builder pod runtime behavior with a workload protection sensor that flags shell execution and process injection patterns
- Alert on Environment objects modified by service accounts or users outside the expected developer or CI/CD identity set
How to Mitigate CVE-2026-46618
Immediate Actions Required
- Upgrade Fission to version 1.23.0 or later in all clusters running the buildermgr component
- Review existing Environment objects across all namespaces and remove or replace any with suspicious builder.command values
- Rotate ServiceAccount tokens and credentials accessible from builder pods if compromise is suspected
- Restrict create and update verbs on environments.fission.io resources to trusted identities through Kubernetes RBAC
Patch Information
The fix is included in Fission release v1.23.0. The remediation introduced validation on the builder command path and arguments, preventing arbitrary executable substitution. See the merged pull request #3364 for the code-level changes.
Workarounds
- Apply Kubernetes RBAC policies that deny non-administrative users the right to modify Environment objects until the patched version is deployed
- Use admission controllers such as OPA Gatekeeper or Kyverno to reject Environment manifests whose spec.builder.command does not match an approved allowlist
- Run builder pods with minimal ServiceAccount privileges and disable automatic token mounting where the build workflow does not require API access
# Configuration example: Kyverno policy fragment restricting builder.command
# Apply with: kubectl apply -f restrict-fission-builder.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-fission-builder-command
spec:
  validationFailureAction: Enforce
  rules:
    - name: validate-builder-command
      match:
        any:
          - resources:
              # group/version/kind of the Fission Environment custom resource
              kinds:
                - fission.io/v1/Environment
      validate:
        message: "builder.command must reference an approved build binary"
        pattern:
          spec:
            # equality anchor: only Environments that define a builder are checked
            =(builder):
              # exact match; Kyverno patterns also accept wildcards such as "build*"
              command: "build"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.