Argo CD Unauthenticated Access to sensitive setting
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. id: CVE-2024-37152 info: name: Ar...
OPENSUSE-SU-2026:10888-1 argocd-cli-3.4.3-1.1 on GA media
These are all security issues fixed in the argocd-cli-3.4.3-1.1 package on the GA media of openSUSE Tumbleweed...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.20.4 security update
Important: Red Hat OpenShift GitOps v1.20.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8784 Service-CA annotation removed from argocd-server Service during v1.12.3 - v1.12.4 upgrade path, persists in later versions GITOPS-9549...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.4 security update
Important: Red Hat OpenShift GitOps v1.19.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8784 Service-CA annotation removed from argocd-server Service during v1.12.3 - v1.12.4 upgrade path, persists in later versions...
GHSA-H98R-WV3H-FR38 vulnerabilities
Vulnerabilities for packages: argo-cd, argocd-image-updater...
CVE-2026-45737 vulnerabilities
Vulnerabilities for packages: argo-cd, argocd-image-updater...
GHSA-RG3G-4RW9-GQRP vulnerabilities
Vulnerabilities for packages: argo-cd, argocd-image-updater...
CVE-2026-45738 vulnerabilities
Vulnerabilities for packages: argo-cd, argocd-image-updater...
CVE-2026-45737 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argocd-image-updater-fips, argo-cd...
CVE-2026-45738 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argocd-image-updater-fips, argo-cd...
GHSA-RG3G-4RW9-GQRP vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argocd-image-updater-fips, argo-cd...
GHSA-H98R-WV3H-FR38 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argocd-image-updater-fips, argo-cd...
GHSA-H98R-WV3H-FR38 Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
Summary A user with application write access developer role can set link.argocd.argoproj.io/ annotations on any ArgoCD Application. These annotation values are rendered in the Summary tab's URLs section as elements without URL validation. Using the pipe-separator trick Display Text |...
CVE-2026-42880 vulnerabilities
Vulnerabilities for packages: argocd-image-updater...
GHSA-3V3M-WC6V-X4X3 vulnerabilities
Vulnerabilities for packages: argocd-image-updater...
GHSA-3V3M-WC6V-X4X3 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argocd-image-updater-fips...
CVE-2026-42880 vulnerabilities
Vulnerabilities for packages: argocd-image-updater, argocd-image-updater-fips...
EUVD-2026-28469
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction...
CVE-2026-41506 vulnerabilities
Vulnerabilities for packages: grafana-alloy, zarf, chainloop-cli-fips, amazon-ssm-agent, cloudbeat-fips, kots, flux-image-automation-controller, flux-source-controller-fips, kubescape-server, gitlab-rails-ce, grype-db, skaffold, grafana-fips, gitlab-rails-ce-fips, kubevela, gitlab-runner,...
EUVD-2026-23126
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...