Package impact
Go / github.com/fission/fission
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46617 | high | — | 8.0 | 8d ago | Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read | |||
| CVE-2026-46612 | high | — | 8.0 | 8d ago | Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives | |||
| CVE-2026-46618 | medium | — | 5.5 | 8d ago | Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables |