Argo CD Unauthenticated Access to sensitive setting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. id: CVE-2024-37152 info: name: Ar...

OPENSUSE-SU-2026:10888-1 argocd-cli-3.4.3-1.1 on GA media

These are all security issues fixed in the argocd-cli-3.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.20.4 security update

Important: Red Hat OpenShift GitOps v1.20.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8784 Service-CA annotation removed from argocd-server Service during v1.12.3 - v1.12.4 upgrade path, persists in later versions GITOPS-9549...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.4 security update

Important: Red Hat OpenShift GitOps v1.19.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8784 Service-CA annotation removed from argocd-server Service during v1.12.3 - v1.12.4 upgrade path, persists in later versions...

CVE-2026-45737 vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater...

CVE-2026-45738 vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater...

GHSA-H98R-WV3H-FR38 vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater...

GHSA-RG3G-4RW9-GQRP vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater...

GHSA-RG3G-4RW9-GQRP vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater-fips, argocd-image-updater...

CVE-2026-45737 vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater-fips, argocd-image-updater...

CVE-2026-45738 vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater-fips, argocd-image-updater...

GHSA-H98R-WV3H-FR38 vulnerabilities

Vulnerabilities for packages: argo-cd, argocd-image-updater-fips, argocd-image-updater...

GHSA-H98R-WV3H-FR38 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation

Summary A user with application write access developer role can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...

GHSA-3V3M-WC6V-X4X3 vulnerabilities

Vulnerabilities for packages: argocd-image-updater...

CVE-2026-42880 vulnerabilities

Vulnerabilities for packages: argocd-image-updater...

GHSA-3V3M-WC6V-X4X3 vulnerabilities

Vulnerabilities for packages: argocd-image-updater-fips, argocd-image-updater...

CVE-2026-42880 vulnerabilities

Vulnerabilities for packages: argocd-image-updater-fips, argocd-image-updater...

EUVD-2026-28469

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: packer-fips, kaniko, kots, wolfictl, external-secrets-operator-fips, crossplane-fips, chainctl, src-fingerprint-fips, chainctl-fips, grafana-alloy-fips, kubescape-server-fips, kaniko-fips, cerbos, argo-workflows-fips, argo-events-fips, kubescape-server, flux-fips,...

EUVD-2026-23126

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...