CVE-2026-49822 Overview
Fission is an open-source, Kubernetes-native serverless framework for deploying functions and applications on Kubernetes. CVE-2026-49822 is a broken access control vulnerability [CWE-284] affecting Fission versions prior to 1.24.0. A low-privilege developer who can create a KubernetesWatchTrigger (KWT) inside their own namespace can establish a persistent surveillance channel over any other namespace in the cluster. The flaw allows tenant boundaries to be bypassed within multi-tenant Kubernetes deployments. The Fission maintainers patched the issue in version 1.24.0.
Critical Impact
Authenticated low-privilege users in shared Kubernetes clusters can monitor resources across namespace boundaries, breaking tenant isolation and exposing confidential workload activity.
Affected Products
- Fission serverless framework versions prior to 1.24.0
- Kubernetes clusters running Fission in multi-tenant configurations
- Workloads relying on namespace isolation for confidentiality of resource events
Discovery Timeline
- 2026-06-10 - CVE-2026-49822 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-49822
Vulnerability Analysis
Fission exposes a Custom Resource called KubernetesWatchTrigger that allows developers to define a watch on Kubernetes objects and invoke a function whenever a matching event occurs. The trigger specification accepts a target namespace as a configurable field. Prior to version 1.24.0, the Fission controller did not enforce that the requesting user held watch permissions in the target namespace. As a result, a developer authorized only in their own namespace could create a KWT pointing at any other namespace and receive a stream of object events from that namespace.
The issue is classified as Improper Access Control [CWE-284]. The impact is scoped to confidentiality, since the attacker observes events such as Pod, ConfigMap, and Secret lifecycle activity but does not directly modify or deny them through this path. Because Fission acts on behalf of its service account, the watch executes with cluster-level privileges rather than the requester's restricted credentials. The CVSS scope change reflects this privilege boundary crossing.
Root Cause
The Fission controller treated the namespace field of a KubernetesWatchTrigger as user-supplied data without validating it against the requester's RBAC scope. No authorization check tied the trigger's target namespace back to the creator's permissions. The fix in pull request 3379 introduces validation so KWT creation respects the requester's effective access.
Attack Vector
An attacker authenticates to the Kubernetes cluster with developer-level credentials limited to a single namespace. The attacker submits a KubernetesWatchTrigger manifest in their own namespace but sets the trigger's target namespace to a victim namespace, such as kube-system or a tenant's production namespace. Fission's controller subscribes to events in the target namespace and forwards them to a function the attacker controls. The attacker then receives a continuous stream of resource events from the victim namespace. See the Fission Security Advisory GHSA-gc3j-79f2-7vvw for additional technical detail.
Detection Methods for CVE-2026-49822
Indicators of Compromise
- KubernetesWatchTrigger resources whose spec.namespace differs from the namespace in which the trigger object resides
- Fission controller audit log entries showing watch streams established against sensitive namespaces such as kube-system, kube-public, or tenant production namespaces
- Functions invoked at high frequency in response to object events originating outside the function's own namespace
Detection Strategies
- Inventory all KubernetesWatchTrigger custom resources cluster-wide and flag any where the target namespace does not match the resource's own namespace.
- Review Kubernetes API server audit logs for watch verbs issued by the Fission controller service account against namespaces the requesting user cannot otherwise access.
- Correlate Fission function invocation logs with the namespace of the originating event to surface cross-namespace event flows.
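The first two detection strategies above, as an added example that is not part of this advisory or of Fission's own code: a small Python script that flags KubernetesWatchTrigger objects whose spec.namespace differs from metadata.namespace, and scans API server audit events for watch requests the Fission controller service account issued against sensitive namespaces. The JSON shapes (a `kubectl get kuberneteswatchtriggers.fission.io -A -o json` list and audit.k8s.io/v1 events, one per line), the service-account name `system:serviceaccount:fission:fission-controller`, the namespace list and all sample records are assumptions constructed for the example.

```python
"""Detection helpers for CVE-2026-49822: cross-namespace KubernetesWatchTrigger
(KWT) inventory and audit-log review.

Added example, not Fission project code. Assumed input shapes:
  - a KWT list in the JSON shape produced by
      kubectl get kuberneteswatchtriggers.fission.io -A -o json
  - API server audit events (audit.k8s.io/v1, Metadata level or higher),
    one JSON object per line.
The service-account name, namespaces and sample records below are constructed.
"""
import json

# Assumption: the username the Fission controller's service account appears as
# in audit events. Adjust to the namespace/SA used by your Fission install.
FISSION_CONTROLLER_SA = "system:serviceaccount:fission:fission-controller"
SENSITIVE_NAMESPACES = {"kube-system", "kube-public", "prod"}


def find_cross_namespace_kwts(kwt_list):
    """Return (own_namespace, name, target_namespace) for each KWT whose
    spec.namespace differs from metadata.namespace."""
    findings = []
    for item in kwt_list.get("items", []):
        meta = item.get("metadata", {})
        own_ns = meta.get("namespace")
        # Assumption: an empty spec.namespace means "watch my own namespace".
        target_ns = item.get("spec", {}).get("namespace") or own_ns
        if target_ns != own_ns:
            findings.append((own_ns, meta.get("name"), target_ns))
    return findings


def fission_watches_on_sensitive_namespaces(audit_lines,
                                            sa=FISSION_CONTROLLER_SA,
                                            sensitive=SENSITIVE_NAMESPACES):
    """Return (namespace, resource, auditID) for every `watch` request the
    Fission controller service account made against a sensitive namespace."""
    hits = []
    for line in audit_lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("verb") != "watch":
            continue
        if event.get("user", {}).get("username") != sa:
            continue
        ref = event.get("objectRef", {})
        if ref.get("namespace") in sensitive:
            hits.append((ref["namespace"], ref.get("resource"), event.get("auditID")))
    return hits


# Constructed sample: one KWT watching its own namespace, one pointed at kube-system.
SAMPLE_KWT_LIST = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"metadata": {"name": "own-ns-pods", "namespace": "team-a"},
         "spec": {"namespace": "team-a", "type": "pod",
                  "functionref": {"name": "handler"}}},
        {"metadata": {"name": "cross-ns-secrets", "namespace": "team-a"},
         "spec": {"namespace": "kube-system", "type": "secret",
                  "functionref": {"name": "handler"}}},
    ],
}

# Constructed sample audit events (fields trimmed to what the check needs).
SAMPLE_AUDIT_LINES = [
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"audit-0001",'
    '"verb":"watch","user":{"username":"system:serviceaccount:fission:fission-controller"},'
    '"objectRef":{"resource":"pods","namespace":"team-a"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"audit-0002",'
    '"verb":"watch","user":{"username":"system:serviceaccount:fission:fission-controller"},'
    '"objectRef":{"resource":"secrets","namespace":"kube-system"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"audit-0003",'
    '"verb":"watch","user":{"username":"system:kube-controller-manager"},'
    '"objectRef":{"resource":"pods","namespace":"kube-system"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"audit-0004",'
    '"verb":"list","user":{"username":"system:serviceaccount:fission:fission-controller"},'
    '"objectRef":{"resource":"secrets","namespace":"kube-system"}}',
]

if __name__ == "__main__":
    for own_ns, name, target in find_cross_namespace_kwts(SAMPLE_KWT_LIST):
        print(f"KWT {own_ns}/{name} targets namespace {target}")
    for ns, resource, audit_id in fission_watches_on_sensitive_namespaces(SAMPLE_AUDIT_LINES):
        print(f"{audit_id}: Fission controller watched {resource} in {ns}")
```

In a real cluster, feed `find_cross_namespace_kwts` the parsed output of the kubectl command in the docstring and `fission_watches_on_sensitive_namespaces` the audit log file. Substitute the service account your Fission components actually run as, and exclude the namespaces Fission legitimately watches (its own installation namespace and any function namespaces) so the audit check does not fire on normal controller activity; only watches against namespaces no KWT owner is authorized for are a finding.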
Monitoring Recommendations
- Enable Kubernetes audit logging at the Metadata level or higher for Fission service accounts and custom resources.
- Alert on creation of KubernetesWatchTrigger resources targeting namespaces outside the creator's RBAC scope.
- Monitor Fission version inventory across clusters and alert on instances older than 1.24.0.
How to Mitigate CVE-2026-49822
Immediate Actions Required
- Upgrade Fission to version 1.24.0 or later in all clusters where the framework is deployed.
- Audit existing KubernetesWatchTrigger resources and delete any that target namespaces outside their owner's authorized scope.
- Restrict the ability to create Fission custom resources to trusted users until the upgrade is complete.
Patch Information
The vulnerability is fixed in Fission v1.24.0. The corrective change is delivered in pull request 3379, which adds namespace authorization validation when a KubernetesWatchTrigger is created.
Workarounds
- Use Kubernetes RBAC to revoke create permission on kuberneteswatchtriggers.fission.io for low-privilege developers until patching is complete.
- Deploy an admission controller policy (OPA Gatekeeper or Kyverno) that rejects KubernetesWatchTrigger objects whose spec.namespace differs from metadata.namespace.
- Isolate Fission installations per tenant in dedicated clusters where strict namespace boundaries are required.
# Example Kyverno policy fragment to block cross-namespace KWTs.
# Denies any KubernetesWatchTrigger whose spec.namespace is not the namespace
# the trigger object itself lives in.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-fission-kwt-namespace
spec:
  validationFailureAction: Enforce
  rules:
    - name: kwt-must-match-own-namespace
      match:
        any:
          - resources:
              kinds:
                - KubernetesWatchTrigger
      validate:
        message: "KubernetesWatchTrigger target namespace must equal its own namespace."
        deny:
          conditions:
            any:
              - key: "{{ request.object.spec.namespace }}"
                operator: NotEquals
                value: "{{ request.object.metadata.namespace }}"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


