CVE-2026-49821 Overview
CVE-2026-49821 is a cross-boundary resource access vulnerability in Fission, an open-source Kubernetes-native serverless framework. The buildermgr controller processes Package Custom Resource Definitions (CRDs) without verifying that Package.spec.environment.namespace matches Package.metadata.namespace. This allows a user with permissions in one namespace to reference Environment resources in other namespaces, breaking Kubernetes namespace isolation boundaries. The vulnerability affects all versions of Fission prior to 1.24.0 and is tracked as CWE-441: Unintended Proxy or Intermediary.
Critical Impact
Authenticated users can leverage the buildermgr controller to access Environment resources across namespace boundaries, violating Kubernetes multi-tenancy isolation.
Affected Products
- Fission serverless framework versions prior to 1.24.0
- Fission buildermgr controller component
- Kubernetes clusters running Fission with multi-namespace tenancy
Discovery Timeline
- 2026-06-10 - CVE-2026-49821 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-49821
Vulnerability Analysis
Fission provides a Kubernetes-native serverless framework where functions reference Environments and Packages as CRDs. The buildermgr controller is responsible for building source code Packages into deployable artifacts using the referenced Environment.
The vulnerability stems from missing validation logic in the controller. When processing a Package CRD, buildermgr reads the spec.environment.namespace field directly without confirming it matches the namespace where the Package itself resides. The controller then performs build operations using the cross-namespace Environment, treating the request as legitimate.
This confused deputy condition maps to CWE-441: Unintended Proxy or Intermediary. The buildermgr controller, operating with elevated cluster privileges, acts on behalf of a lower-privileged user to access resources the user could not reach directly.
Root Cause
The root cause is missing authorization validation between the Package metadata namespace and its referenced Environment namespace. The controller trusts user-supplied namespace values in the Package specification without confirming the requester has access to the target namespace. See the GitHub Pull Request for the corrective code changes.
Attack Vector
An attacker with permissions to create Package CRDs in one namespace crafts a Package specifying spec.environment.namespace pointing to a different namespace. The buildermgr controller processes the Package and interacts with the Environment in the unauthorized namespace, enabling cross-tenant information disclosure or build manipulation. The attack requires low privileges, network access to the Kubernetes API, and no user interaction. Refer to the GitHub Security Advisory GHSA-vjhc-cf4p-72q4 for additional technical context.
Detection Methods for CVE-2026-49821
Indicators of Compromise
- Package CRDs where spec.environment.namespace does not equal metadata.namespace
- buildermgr controller logs showing builds referencing Environments in foreign namespaces
- Unexpected build pod activity spanning multiple tenant namespaces
- Audit log entries showing Package creation by users without access to the referenced Environment namespace
Detection Strategies
- Query Kubernetes API for all Fission Package CRDs and flag any where the environment namespace differs from the Package namespace
- Enable Kubernetes audit logging for create and update operations on packages.fission.io resources
- Inspect buildermgr controller logs for build operations crossing namespace boundaries
- Run the Fission CLI to inventory Package-to-Environment relationships across the cluster
Monitoring Recommendations
- Continuously monitor Fission CRD changes through Kubernetes admission controllers or policy engines such as OPA Gatekeeper or Kyverno
- Forward Kubernetes audit logs and Fission controller logs to a centralized analytics platform for correlation
- Alert on any service account performing cross-namespace resource reads outside expected patterns
- Review RBAC bindings granting Package create permissions to identify potential abuse paths
How to Mitigate CVE-2026-49821
Immediate Actions Required
- Upgrade Fission to version 1.24.0 or later, which contains the validation fix
- Audit existing Package CRDs across all namespaces and remove any with mismatched environment namespace references
- Restrict RBAC permissions for Package CRD creation to trusted users and service accounts only
- Enable Kubernetes audit logging if not already active to capture future cross-namespace attempts
Patch Information
Fission released version 1.24.0 containing the fix. The patch adds validation ensuring Package.spec.environment.namespace matches Package.metadata.namespace before the buildermgr controller processes the request. See the GitHub Release v1.24.0 for release notes and upgrade instructions.
Workarounds
- Deploy an admission controller policy that rejects Package CRDs where the environment namespace differs from the Package namespace
- Limit Fission deployments to single-tenant clusters until the upgrade is applied
- Implement Kyverno or OPA Gatekeeper rules enforcing namespace consistency on Fission Package resources
- Remove or restrict create permissions on packages.fission.io for non-administrative service accounts
# Upgrade Fission to patched version using Helm
helm repo update
helm upgrade --install fission fission-charts/fission-all \
--namespace fission \
--version 1.24.0
# Verify deployed version
kubectl get deployment -n fission buildermgr -o jsonpath='{.spec.template.spec.containers[0].image}'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
