CVE-2026-50569 | Fission up to 1.24.x Direct Kubernetes REST API HTTPTriggerSpec.Validate cross-domain policy (GHSA-vchh-r53j-8mpw)

A vulnerability, which was classified as problematic, has been found in Fission up to 1.24.x. The impacted element is the function HTTPTriggerSpec.Validate of the component Direct Kubernetes REST API. Performing a manipulation results in permissive cross-domain policy with untrusted domains.

This vulnerability is known as CVE-2026-50569. Remote exploitation of the attack is possible. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More