Unauthenticated Remote Code Execution Flaw in Red Hat OpenShift GitOps Argo CD
CVE-2026-15416
8.9HIGH
What is CVE-2026-15416?
A security flaw in Argo CD, the GitOps engine utilized by Red Hat OpenShift GitOps, has been discovered that could potentially allow an unauthenticated attacker with network access to the Argo CD repo-server to execute arbitrary code remotely. If exploited, the attacker may manipulate the cached data and deploy malicious resources to Kubernetes clusters under management, which could lead to a complete compromise of those clusters. Organizations utilizing Argo CD should take immediate action to mitigate this vulnerability by updating to the latest secure version.
Affected Version(s)
argo-helm 0 < 10.0.0
