Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Description
Summary
Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command(...) after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace observed by the buildermgr could thereby point the builder pod at any executable inside the builder image (e.g. /bin/sh -c '...') and execute arbitrary code in the builder pod context.
Affected component
- pkg/builder/builder.go:254, the call site: exec.Command(buildCmd, buildArgs...).
- pkg/builder/builder.go:106, the input source: buildCmd, buildArgs = strings.Fields(req.BuildCommand)[0], strings.Fields(req.BuildCommand)[1:].
Impact
A subject with create / update privilege on Environment objects could:
- Cause the builder pod for any package using that environment to execute arbitrary code.
- Read whatever files the builder pod has access to inside its /packages shared volume (deployment archive payloads for that package).
- Write arbitrary content into the /packages shared volume, which the fetcher subsequently uploads as the package deployment archive.
The builder pod runs in the user's namespace with the fission-builder SA (not the more-privileged executor SA), so the impact is bounded to that namespace's package contents and the builder pod's own filesystem. PR:H reflects that creating / modifying Environment CRDs is typically restricted to cluster admins or platform operators.
Root cause
pkg/builder/builder.go's build-command parser did not validate the resulting executable path. Although exec.Command does not invoke a shell, it does locate the executable via $PATH, and strings.Fields splitting allowed multiple flags / sub-arguments to be passed.
Fix
Released in v1.23.0:
- PR #3364 (commit 0f45c911) introduces Builder.resolveBuildCommand in pkg/builder/builder.go, which:
  1. Accepts an empty string (treated as the default /build).
  2. Accepts the literal /build.
  3. Accepts any absolute path that survives filepath.Clean and contains no .. segments.
  4. Rejects anything containing whitespace metacharacters or relative paths.
- exec.Command still receives only the validated absolute path; sub-arguments continue to come from strings.Fields of the original string but are now passed positionally with no shell expansion.
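The validation policy listed above, written out as an added illustrative Go reimplementation (this is not Fission's resolveBuildCommand; the function name, the ErrInvalidBuildCommand value and the sample inputs are assumptions). It treats an empty command as /build, passes the literal /build through, and otherwise accepts only an absolute path that filepath.Clean leaves unchanged, so relative names resolved via $PATH and any .. traversal are rejected before exec.Command is reached.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

const defaultBuildCmd = "/build"

// ErrInvalidBuildCommand is an assumed error value for this example; Fission's own error text may differ.
var ErrInvalidBuildCommand = errors.New("build command must be an absolute, normalised path")

// resolveBuildCommand splits the raw Environment.spec.builder.command the same way
// the vulnerable code did (strings.Fields), but validates the executable portion
// before it can be handed to exec.Command. Arguments stay positional; no shell is involved.
func resolveBuildCommand(raw string) (cmd string, args []string, err error) {
	fields := strings.Fields(raw)
	if len(fields) == 0 {
		return defaultBuildCmd, nil, nil // rule 1: empty string means the default /build
	}
	cmd, args = fields[0], fields[1:]
	if cmd == defaultBuildCmd {
		return cmd, args, nil // rule 2: the literal /build
	}
	// rule 4: relative paths (including bare names like "sh" that exec.Command would
	// look up on $PATH) are rejected; whitespace cannot survive strings.Fields.
	if !filepath.IsAbs(cmd) {
		return "", nil, ErrInvalidBuildCommand
	}
	// rule 3: the path must survive filepath.Clean unchanged, which rules out
	// "/a//b", "/a/./b" and "/a/../b"; the explicit ".." scan mirrors the advisory's wording.
	if filepath.Clean(cmd) != cmd {
		return "", nil, ErrInvalidBuildCommand
	}
	for _, seg := range strings.Split(cmd, "/") {
		if seg == ".." {
			return "", nil, ErrInvalidBuildCommand
		}
	}
	return cmd, args, nil
}

func main() {
	// Constructed sample commands: two that pass the policy and two that are rejected.
	for _, raw := range []string{"", "/build --verbose", "sh -c id", "/usr/../bin/sh"} {
		cmd, args, err := resolveBuildCommand(raw)
		fmt.Printf("%q -> cmd=%q args=%q err=%v\n", raw, cmd, args, err)
	}
}
```

Note that the policy as stated still accepts any clean absolute path inside the builder image, so the RBAC restriction on Environment create/update in the mitigation section remains the primary control.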
Mitigation (until upgrade)
- Restrict who can create / update Environment CRDs to trusted operators only.
- Audit Environment.spec.builder.command values for any non-/build paths.
- Run the buildermgr with a tightened ServiceAccount that has no secret access in the builder namespace.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Fission builder pods execute arbitrary commands from unvalidated Environment CRD fields, allowing code execution and shared volume access in the user namespace.
Vulnerability
CVE-2026-46618 is a command injection vulnerability in the Fission serverless framework's builder component. The root cause lies in pkg/builder/builder.go (line 254), which passes Environment.spec.builder.command directly to exec.Command(...) after a strings.Fields split with no validation of the executable path or arguments [2][4]. A user with create or update privilege on Environment CRDs can point the builder pod at any executable inside the builder image (e.g., /bin/sh -c '...') and execute arbitrary code in the builder pod context [1][2].
Exploitation
To exploit, an attacker must be able to create or modify Environment CRDs in a namespace observed by the buildermgr. The builder pod runs in the user's namespace with the fission-builder service account [2][4]. By crafting Environment.spec.builder.command with a malicious executable path and arguments, the attacker can cause the builder pod for any package using that environment to execute arbitrary code [2].
Impact
Successful exploitation allows the attacker to: (1) execute arbitrary code in the builder pod context, (2) read files inside the /packages shared volume (deployment archive payloads for that package), and (3) write arbitrary content into the shared volume, which the fetcher then uploads as the package deployment archive [2][4]. The impact is bounded to the user's namespace and the builder pod's filesystem [2][4].
Mitigation
The fix is released in Fission v1.23.0 via PR #3364 (commit 0f45c911), which introduces Builder.resolveBuildCommand in pkg/builder/builder.go [1][3][4]. This function validates the build command: it accepts an empty string (treated as the default /build), the literal /build, or any absolute path that survives filepath.Clean and contains no unsafe characters [4]. Users should upgrade to v1.23.0 or later and restrict Environment CRD create/update permissions to trusted administrators [2][4].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.