Unauthenticated Remote Code Execution Flaw in Red Hat OpenShift GitOps Argo CD
CVE-2026-15416

8.9HIGH

What is CVE-2026-15416?

A security flaw in Argo CD, the GitOps engine utilized by Red Hat OpenShift GitOps, has been discovered that could potentially allow an unauthenticated attacker with network access to the Argo CD repo-server to execute arbitrary code remotely. If exploited, the attacker may manipulate the cached data and deploy malicious resources to Kubernetes clusters under management, which could lead to a complete compromise of those clusters. Organizations utilizing Argo CD should take immediate action to mitigate this vulnerability by updating to the latest secure version.

Affected Version(s)

argo-helm 0 < 10.0.0

References

CVSS V3.1

Score:
8.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.