JavaScript Execution Vulnerability in Argo CD by Argo Project
CVE-2026-45738
7.3HIGH
What is CVE-2026-45738?
Argo CD is a GitOps continuous delivery tool for Kubernetes. Users with application write access can exploit a vulnerability that allows them to set unchecked annotations, which can render potentially harmful JavaScript code in higher-privileged user sessions. This scenario occurs due to the lack of URL validation in the application summaries. The vulnerability was addressed in versions 3.2.12, 3.3.10, and 3.4.2, ensuring better security for deployments.
Affected Version(s)
argo-cd < 3.2.12 < 3.2.12
argo-cd >= 3.3.0, < 3.3.10 < 3.3.0, 3.3.10
argo-cd >= 3.4.0-rc1, < 3.4.2 < 3.4.0-rc1, 3.4.2
