Lucene search
+L

4 matches found

cve
cve
added yesterday14 views

CVE-2026-45738

CVE-2026-45738 : Argo CD contains a Stored XSS in link.argocd.argoproj.io/* annotations that can be rendered as anchor href values in the Summary tab, enabling javascript: execution for a higher-privileged user in the origin session when there is application write access. This is fixed in Argo CD...

7.3CVSS6.2AI score0.00037EPSS
Exploits0References7
cvelist
cvelist
added yesterday32 views

CVE-2026-45738 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/ annotations whose pipe-separated values are rendered by...

7.3CVSS0.00037EPSS
Exploits0References7
osv
osv
added 2026/06/25 10:34 p.m.6 views

GO-2026-5418 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation in github.com/argoproj/argo-cd

Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation in github.com/argoproj/argo-cd...

7.3CVSS5.8AI score0.00037EPSS
Exploits0References1
osv
osv
added 2026/05/19 3:54 p.m.10 views

GHSA-H98R-WV3H-FR38 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

Summary A user with application write access developer role can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...

7.3CVSS6AI score0.00037EPSS
Exploits0References2
Rows per page
Query Builder