43 matches found
CVE-2026-15416
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...
CVE-2026-15416 Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...
EUVD-2026-43648
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...
CVE-2026-15416
Affected software/component: Argo CD repo-server (GitOps engine used by Red Hat OpenShift GitOps). The CVE-2026-15416 entry describes an unauthenticated attacker with network access who can achieve remote code execution on the Argo CD repo-server. Under certain conditions, this may allow the atta...
CVE-2026-15416 Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...
CVE-2026-15416
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...
EUVD-2026-43544
Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...
PT-2026-57989
Name of the Vulnerable Software and Affected Versions OpenShift Data Foundation 4 odf-multicluster-rhel9-operator affected versions not specified OpenShift GitOps argocd-image-updater-rhel8 affected versions not specified OpenShift GitOps argocd-rhel8 affected versions not specified OpenShift...
CVE-2026-62185
Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...
PT-2026-57887
Name of the Vulnerable Software and Affected Versions Argo CD Helm Chart versions prior to 10.0.0 Description The software fails to install network policies by default, which allows any pod within the cluster to access the repo-server and other Argo APIs. This unrestricted network access can be...
EUVD-2024-0949
Malicious code in bioql PyPI...
EUVD-2023-2501
Malicious code in bioql PyPI...
GO-2022-0453 Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2022-0357 Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2022-0358 Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2023-2085 Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd...
GO-2023-2050 Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd
Argo CD repo-server Denial of Service vulnerability in github.com/argoproj/argo-cd...
argo-cd: uncontrolled memory allocation vulnerability
The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex function in the ArgoCD's helm package does not limit the size or time...
GHSA-JHWX-MHWW-RGC3 ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Impact All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The...
CVE-2024-29893
The ArgoCD repo-server component is vulnerable to a denial of service attack, where it is possible to crash the repo server component through an out-of-memory error by pointing it to a malicious Helm registry. The loadRepoIndex function in the ArgoCD's helm package does not limit the size or time...