2 matches found
CVE-2026-24748
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
CVE-2026-24748
CVE-2026-24748 affects Kargo (GitHub repo github.com/akuity/kargo) where GetConfig() and RefreshResource() endpoints allow unauthenticated access via any non-empty Bearer token. This can lead to exfiltration of configuration data (e.g., endpoints for connected Argo CD clusters) and enable a denia...