VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/fission/fission

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46614 critical 9.5 9d ago Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
CVE-2026-46617 high 8.0 9d ago Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
CVE-2026-46612 high 8.0 9d ago Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives