Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html
Publish Date: 2026-07-01 15:40:00
Source Domain: thehackernews.com
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port.
Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD’s maintainers in January 2025; roughly eighteen months later, it remains unpatched, so it published the details to warn users.
The bug sits in repo-server, the Argo CD component that reads Git repositories and builds Kubernetes manifests, the files that define what the cluster deploys.
Its internal gRPC service has no authentication; anyone who can reach it can send a crafted request to run a command. Synacktiv demonstrated the attack against Argo CD v2.13.3 and reports no patched release; it did not publish a full list of affected versions.
The technique abuses kustomize, a standard tool Argo CD runs to turn repository files into manifests. Kustomize has a `--helm-command` option that points to the helm binary it should call.
Synacktiv found that an unauthenticated request to the repo-server’s GenerateManifest service can set that option to a script instead, pulled from an attacker-controlled Git repository. When kustomize runs, it executes the script rather than helm.
But “internal” does not mean isolated by default. Argo CD ships Kubernetes network policies that wall the repo-server off from everything except its own components.
Synacktiv found the Helm chart, a common way to install Argo CD, leaves those policies off by default, with networkPolicy.create set to false. In that setup, an attacker who compromises a single pod in the cluster can reach the repo-server and trigger the bug.
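As an added illustration (not from the article or from Synacktiv) of the mitigation the article describes, the fragment below shows the chart value that leaves the repo-server reachable next to the corrected value, followed by a NetworkPolicy that restricts repo-server ingress to Argo CD's own components. The `argocd` namespace, the `app.kubernetes.io/name` labels and the gRPC port 8081 are assumed to follow the upstream Argo CD manifests; verify them against your own install before applying.

```yaml
# Helm values (argo-cd chart) - assumed key name, verify against your chart version.
# Weak: the default leaves NetworkPolicy objects uncreated.
networkPolicy:
  create: false
---
# Corrected: let the chart create its per-component NetworkPolicy objects.
networkPolicy:
  create: true
---
# Equivalent standalone policy for installs that do not use the chart.
# Only Argo CD's own components may open the repo-server gRPC port;
# any other pod in the cluster is denied ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-repo-server-network-policy
  namespace: argocd            # assumed namespace
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server   # assumed label
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-applicationset-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-notifications-controller
      ports:
        - protocol: TCP
          port: 8081           # assumed repo-server gRPC port
```

A NetworkPolicy only takes effect when the cluster's CNI plugin enforces it, so confirm enforcement (for example with a test pod that attempts a connection) rather than relying on the object's presence.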
Running code on the repo-server is not the end of it. Synacktiv used that access to read the cluster’s Redis password from an…