Threats Tagged 'cve-2026-49821'
View all threats tagged with 'cve-2026-49821'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-49821'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-vjhc-cf4p-72q4: Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltrationCVE-2026-49821 0 Fission's buildermgr controller failed to verify that the Package Custom Resource Definition (CRD) environment namespace matched the package's own namespace. This allowed an attacker with package creation rights in their own namespace to specify a different namespace for the environment, causing the controller to execute build commands in another tenant's namespace. Malicious build steps could exfiltrate the victim namespace's fission-builder service account token via build logs, enabling read access to all Secrets and ConfigMaps in that namespace. The issue was fixed in Fission v1.24.0 by enforcing namespace checks both at admission webhook and controller levels. Join the discussion | GCVE Database | 06/30/2026, 18:15:27 UTC Added: 06/30/2026, 23:36:09 UTC |
Showing 1 to 1 of 1 result