A critical vulnerability (CVSS score 9.8) has been found in the Fission router associated with the LiteSpeed cPanel Plugin, allowing unauthorized access to private cluster processes. The flaw stems from improper isolation of internal routing paths, which lets external actors invoke hidden functions. The development team has addressed the issue in v1.23.0 by separating the public and internal listeners and implementing an HMAC verifier.
For immediate protection, organizations should apply network isolation policies until they can upgrade. Security auditing of Kubernetes serverless environments is essential to mitigate risks.
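The fix pattern described above (internal routes served only on a separate listener, with an HMAC check in front of them), shown in Go as an added example. It is not Fission's code: the route paths, header names, ports, key and 30-second freshness window are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
	"net/http"
	"strconv"
	"time"
)

const maxSkew = 30 * time.Second // assumed replay window

// sign returns hex(HMAC-SHA256(key, "METHOD\nPATH\nUNIX_TS")); the body is not covered here.
func sign(key []byte, method, path string, ts int64) string {
	mac := hmac.New(sha256.New, key)
	fmt.Fprintf(mac, "%s\n%s\n%d", method, path, ts)
	return hex.EncodeToString(mac.Sum(nil))
}

// requireHMAC rejects requests that lack a fresh, valid signature (hypothetical header names).
func requireHMAC(key []byte, now func() time.Time, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ts, err := strconv.ParseInt(r.Header.Get("X-Timestamp"), 10, 64)
		skew := now().Sub(time.Unix(ts, 0)).Abs()
		want := sign(key, r.Method, r.URL.Path, ts)
		if err != nil || skew > maxSkew || !hmac.Equal([]byte(want), []byte(r.Header.Get("X-Signature"))) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newMuxes returns two routers; internal paths are never registered on the public one.
func newMuxes(key []byte, now func() time.Time) (public, internal *http.ServeMux) {
	public, internal = http.NewServeMux(), http.NewServeMux()
	public.HandleFunc("/fn/hello", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "hello") })
	admin := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "internal ok") })
	internal.Handle("/internal/fn", requireHMAC(key, now, admin))
	return public, internal
}

func main() {
	public, internal := newMuxes([]byte("constructed-placeholder-key"), time.Now) // load a real key from a secret store
	go func() { log.Fatal(http.ListenAndServe("127.0.0.1:8889", internal)) }()    // cluster-only listener
	log.Fatal(http.ListenAndServe(":8888", public))                               // externally exposed listener
}
```

Because the internal path is absent from the public router, a request for it on the exposed port gets a 404 even when it carries a valid signature; the HMAC check is a second layer for callers that can already reach the internal listener.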