CRITICAL 9.8 CVE-2026-46614 Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
from 0, < 1.23.0
HIGH 8.8 CVE-2026-46612 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
from 0, < 1.23.0
— CVE-2026-46618 Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
from 0, < 1.23.0
— Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read