GO-2026-4717 Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo

Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo...

GO-2026-4515 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints in github.com/akuity/kargo

Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints in github.com/akuity/kargo...

kargo 安全漏洞

Kargo is a continuous delivery tool developed by Akuity. Versions 1.9.0 to 1.9.2 of Kargo contain security vulnerabilities. These vulnerabilities stem from the lack of authorization checks for three endpoints in the REST API, which may lead to bypassing the intended authorization boundaries...

GO-2026-4385 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access in github.com/akuity/kargo

Kargo's GetConfig and RefreshResource API endpoints allow unauthenticated access in github.com/akuity/kargo...