Synacktiv Discloses 1 Unpatched Argo CD Flaw Enabling Code Execution
Updated · InfoWorld · Jul 2
Summary
A July 1 disclosure by Synacktiv detailed an unpatched Argo CD repo-server flaw that can let an attacker already inside a Kubernetes cluster execute commands and tamper with deployments.
The issue stems from an unauthenticated GenerateManifest gRPC endpoint: if an attacker can reach the repo-server and Redis ports, they can abuse Kustomize Helm build options to run attacker-controlled code.
Synacktiv said Helm chart deployments are especially exposed because Argo CD network policies exist but are not enabled by default, meaning one compromised pod may provide enough internal access.
Researchers also pulled the Redis password from the repo-server environment and altered cached deployment data, allowing malicious manifests to deploy automatically when Auto Sync is enabled.
The report urges CISOs to treat GitOps platforms as tier-zero control-plane assets and focus on east-west cluster access paths, not just whether Argo CD is internet-facing.
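Since the summary notes that Argo CD's network policies are not enabled by default, the check below (an added example, not code from Synacktiv or the Argo CD project) audits a `kubectl get networkpolicy -n <namespace> -o json` listing for ingress restrictions on the repo-server and Redis pods. The label key and values, policy names, and port numbers are assumptions based on Argo CD's stock manifests, and the sample input is constructed.

```python
# Assumed labels: Argo CD's stock manifests tag these pods with
# app.kubernetes.io/name; adjust for installs that rename components.
LABEL = "app.kubernetes.io/name"
TARGETS = {"repo-server": "argocd-repo-server", "redis": "argocd-redis"}

def selects(policy, pod_labels):
    """True if the policy's podSelector (matchLabels only) matches the pod."""
    sel = policy["spec"].get("podSelector", {})
    if sel.get("matchExpressions"):
        return False  # not evaluated here: counted as uncovered, review by hand
    return all(pod_labels.get(k) == v for k, v in sel.get("matchLabels", {}).items())

def restricts_ingress(policy):
    # In the NetworkPolicy API, Ingress is implied when policyTypes is omitted.
    return "Ingress" in policy["spec"].get("policyTypes", ["Ingress"])

def audit(policy_list):
    """Return {component: finding} for a NetworkPolicy list object."""
    findings = {}
    for component, name in TARGETS.items():
        matching = [p for p in policy_list["items"]
                    if selects(p, {LABEL: name}) and restricts_ingress(p)]
        if not matching:
            findings[component] = "no ingress policy: reachable from any pod"
            continue
        # An ingress rule without 'from' admits every source on its ports.
        wide = [p["metadata"]["name"] for p in matching
                for rule in p["spec"].get("ingress", []) if not rule.get("from")]
        findings[component] = ("allow-all rule in " + ", ".join(wide)) if wide else "restricted"
    return findings

# Constructed sample: Redis limited to repo-server pods, while the
# repo-server policy lists a port but no source restriction.
SAMPLE = {"items": [
    {"metadata": {"name": "redis-ingress"},
     "spec": {"podSelector": {"matchLabels": {LABEL: "argocd-redis"}},
              "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {LABEL: "argocd-repo-server"}}}],
                           "ports": [{"port": 6379}]}]}},
    {"metadata": {"name": "repo-server-ports-only"},
     "spec": {"podSelector": {"matchLabels": {LABEL: "argocd-repo-server"}},
              "ingress": [{"ports": [{"port": 8081}]}]}},
]}

if __name__ == "__main__":
    for component, finding in audit(SAMPLE).items():
        print(f"{component}: {finding}")
```

A "restricted" result only means a policy object exists; the cluster's CNI plugin must enforce NetworkPolicy for it to have any effect.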
With 60% of Kubernetes users on Argo CD, why are its most critical security settings still disabled by default?
Argo CD's critical flaw remains unpatched. Are users now solely responsible for preventing a total cluster compromise?
July 2026: Unpatched Argo CD Remote Code Execution Puts Kubernetes Environments at Immediate Risk
Overview
A critical Remote Code Execution (RCE) vulnerability in Argo CD's repo-server was publicly disclosed in July 2026, after being reported in January 2025. This flaw remains unpatched and lacks an official CVE identifier, creating a significant and immediate threat to Kubernetes clusters using Argo CD. The combination of public disclosure, no patch, and missing CVE means attackers can exploit this vulnerability to gain deep access, potentially compromising entire clusters. The risk is especially high because a successful attack could impact much more than a single application, turning Argo CD into a tool for widespread malicious activity.