Impact
Fission’s Environment CRD allows developers to specify arbitrary pod specifications for runtime and builder images. In versions prior to 1.24.0 the SDK performed no validation on the Environment.spec.runtime.podSpec or spec.builder.podSpec fields, and the MergePodSpec process incorporated these fields into the actual Kubernetes pod spec of the environment pod. An attacker who can create or modify a Fission Environment can therefore inject fields such as hostPath volumes, privileged container flags, or arbitrary init containers, so that code runs outside the intended function sandbox. A privileged container with the node's filesystem mounted via hostPath amounts to control of the node; from there the kubelet's credentials and any co-located workloads are within reach, so the impact extends from privilege escalation on the node to control of the underlying Kubernetes cluster and of the Fission environment itself.
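One way to see the missing check is to write it, as an added example that is not Fission's own code: a validator for the podSpec override, run against a constructed malicious override of the kind described above and a benign one. The struct types are a simplified stand-in for k8s.io/api/core/v1 (an assumption made so the example needs no external module), and both sample specs are constructed for this page, not taken from any real exploit.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Simplified stand-ins for the corev1 types (an assumption made so the
// example runs without importing k8s.io/api). Only the fields the check
// looks at are modelled; other JSON fields are ignored on decode.
type (
	HostPathVolumeSource struct {
		Path string `json:"path"`
	}
	Volume struct {
		Name     string                `json:"name"`
		HostPath *HostPathVolumeSource `json:"hostPath,omitempty"`
	}
	SecurityContext struct {
		Privileged *bool `json:"privileged,omitempty"`
	}
	Container struct {
		Name            string           `json:"name"`
		Image           string           `json:"image"`
		SecurityContext *SecurityContext `json:"securityContext,omitempty"`
	}
	PodSpec struct {
		HostPID        bool        `json:"hostPID,omitempty"`
		HostNetwork    bool        `json:"hostNetwork,omitempty"`
		Volumes        []Volume    `json:"volumes,omitempty"`
		InitContainers []Container `json:"initContainers,omitempty"`
		Containers     []Container `json:"containers,omitempty"`
	}
)

// ValidatePodSpec returns one finding per field that would let code in the
// environment pod reach outside the function sandbox. An empty result means
// the override can be merged; a nil spec (no override supplied) is accepted.
func ValidatePodSpec(spec *PodSpec) []string {
	var findings []string
	if spec == nil {
		return findings
	}
	if spec.HostPID {
		findings = append(findings, "hostPID is not allowed")
	}
	if spec.HostNetwork {
		findings = append(findings, "hostNetwork is not allowed")
	}
	for _, v := range spec.Volumes {
		if v.HostPath != nil {
			findings = append(findings, fmt.Sprintf("volume %q mounts hostPath %q", v.Name, v.HostPath.Path))
		}
	}
	if n := len(spec.InitContainers); n > 0 {
		findings = append(findings, fmt.Sprintf("%d initContainers supplied; none are allowed", n))
	}
	// Privileged mode is rejected on init and regular containers alike.
	for _, group := range [][]Container{spec.InitContainers, spec.Containers} {
		for _, c := range group {
			sc := c.SecurityContext
			if sc != nil && sc.Privileged != nil && *sc.Privileged {
				findings = append(findings, fmt.Sprintf("container %q requests privileged mode", c.Name))
			}
		}
	}
	return findings
}

// ValidatePodSpecJSON decodes a podSpec document as it would appear under
// spec.runtime.podSpec or spec.builder.podSpec and validates it.
func ValidatePodSpecJSON(raw string) ([]string, error) {
	var spec PodSpec
	if err := json.Unmarshal([]byte(raw), &spec); err != nil {
		return nil, err
	}
	return ValidatePodSpec(&spec), nil
}

// Constructed sample: the kind of override an attacker would place in
// spec.runtime.podSpec (hostPID, node root via hostPath, privileged init
// container). Not taken from any real exploit.
const maliciousPodSpec = `{
  "hostPID": true,
  "volumes": [{"name": "noderoot", "hostPath": {"path": "/"}}],
  "initContainers": [{"name": "setup", "image": "busybox",
                      "securityContext": {"privileged": true}}],
  "containers": [{"name": "runtime", "image": "fission/python-env"}]
}`

// Constructed sample: a benign override that only pins the runtime UID.
const benignPodSpec = `{
  "containers": [{"name": "runtime", "image": "fission/python-env",
                  "securityContext": {"runAsUser": 1000}}]
}`

func main() {
	for _, raw := range []string{maliciousPodSpec, benignPodSpec} {
		findings, err := ValidatePodSpecJSON(raw)
		if err != nil {
			fmt.Println("decode error:", err)
			continue
		}
		fmt.Printf("%d finding(s)\n", len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```

The check is deliberately a deny-list of the fields the text names plus hostPID and hostNetwork; a production validator would more likely allow-list the handful of podSpec fields an environment legitimately needs (resources, nodeSelector, tolerations, a non-root securityContext) and reject everything else.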
Affected Systems
The affected product is Fission, an open‑source serverless framework for Kubernetes. All releases older than 1.24.0 are vulnerable; the fix shipped in 1.24.0, so upgrading to 1.24.0 or later removes the flaw. Environment objects already present in the cluster were admitted without any validation, so their podSpec fields are worth auditing after the upgrade rather than assumed clean.
Risk and Exploitability
The CVSS score of 9.9 denotes critical severity. No EPSS score is reported, so there is no published exploitation probability, but the absence of input validation and the reach into cluster‑level privileges make this a high‑risk flaw. Exploitation consists of constructing a malicious Environment object, which requires Kubernetes RBAC permission to create or update those resources; read access alone is not enough. With that permission the attack is a privilege escalation from a namespaced object write to code execution on the node, whether performed locally by an over‑privileged user or remotely with stolen credentials. The issue is not listed in the CISA KEV catalog, but its critical score and node‑escape capability warrant immediate attention.
OpenCVE Enrichment