A vulnerability described as critical has been identified in Fission up to 1.22.x . Affected by this issue is some unknown functionality of the file pkg/builder/builder.go . Executing a manipulation can lead to os command injection. This vulnerability appears as CVE-2026-46618 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.