pkg:Go/github.com/fission/fission
4 total CVEsCRITICAL1HIGH1
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2026-46614Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTriggerfrom 0, < 1.23.0
- HIGH8.8CVE-2026-46612Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archivesfrom 0, < 1.23.0
- —CVE-2026-46618Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executablesfrom 0, < 1.23.0
- —CVE-2026-46617Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap readfrom 0, < 1.23.0