Skip to main content

Argo CD CVE-2026-45737

MEDIUM
Information Exposure (CWE-200)
2026-05-19 https://github.com/argoproj/argo-cd GHSA-rg3g-4rw9-gqrp
6.3
CVSS 3.1 · Vendor: https://github.com/argoproj/argo-cd
Share

Severity by source

Vendor (https://github.com/argoproj/argo-cd) PRIMARY
6.3 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from Vendor (https://github.com/argoproj/argo-cd) · only source for this CVE.

CVSS VectorVendor: https://github.com/argoproj/argo-cd

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 16:33 vuln.today
Analysis Generated
May 19, 2026 - 16:33 vuln.today

DescriptionCVE.org

Summary

The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation.

The prior fix masks top-level Secret data in ServerSideDiff responses, but it does not fully sanitize Secret data stored inside the last-applied-configuration annotation. If a Secret was previously created or updated using client-side apply, that annotation may contain raw data, stringData, and sensitive annotations. These values can be shown in UI/CLI diffs.

Details

The ServerSideDiff endpoint returns ResourceDiff.TargetState / LiveState based on server-side dry-run output. Kubernetes server-side dry-run can return a full predicted live Secret object that carries forward existing live annotations, including:

kubectl.kubernetes.io/last-applied-configuration For Secrets created with client-side apply, that annotation can contain a JSON-serialized Secret manifest with sensitive values.

The masking path calls HideSecretData(target, live, ...). However, HideSecretData only rewrites the last-applied annotation on the second argument (live). In server-side diff, the first argument can be predictedLive, not a clean Git target. predictedLive can also contain kubectl.kubernetes.io/last-applied-configuration, so the first object’s embedded annotation can remain unmasked.

PoC

Create an app containing this Secret manifest:

yaml
apiVersion: v1
kind: Namespace
metadata:
  name: last-applied-secret-repro
---
apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: last-applied-secret-repro
  annotations:
    app: test
    token: SECRETVAL
type: Opaque
data:
  password: U0VDUkVUVkFM
  username: U0VDUkVUVkFM

Create and Sync Argo App

yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: last-applied-secret-repro
  namespace: argocd
  annotations:
    argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
spec:
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: last-applied-secret-repro
  source:
    repoURL: https://github.com/YOUR_ORG/YOUR_REPO.git
    targetRevision: HEAD
    path: last-applied-secret-repro
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true

Run argo cd app diff argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false

❯ argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false

===== /Secret last-applied-secret-repro/secret ======
10c10,11
<     kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","data":{"password":"++++++++","username":"++++++++"},"kind":"Secret","metadata":{"annotations":{"app":"test","argocd.argoproj.io/tracking-id":"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret","token":"SECRETVAL"},"name":"secret","namespace":"last-applied-secret-repro"},"type":"Opaque"}'
---
>     kubectl.kubernetes.io/last-applied-configuration: |
>       {"apiVersion":"v1","data":{"password":"U0VDUkVUVkFM","username":"U0VDUkVUVkFM"},"kind":"Secret","metadata":{"annotations":{"app":"test","argocd.argoproj.io/tracking-id":"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret","token":"SECRETVAL"},"name":"secret","namespace":"last-applied-secret-repro"},"type":"Opaque"}

The secret value can be seen inside the diff

Impact

Authenticated Argo CD users who can view application diffs may be able to read Secret values that should be masked.

Impacted values include: Secret data embedded in kubectl.kubernetes.io/last-applied-configuration

AnalysisAI

Information disclosure in Argo CD v3.x exposes plaintext Kubernetes Secret values to authenticated users who can view application diffs via the ServerSideDiff feature. This is an incomplete fix for a prior vulnerability (GHSA-3v3m-wc6v-x4x3): the original patch masked top-level Secret data in ServerSideDiff responses but failed to sanitize Secret content embedded in the kubectl.kubernetes.io/last-applied-configuration annotation on predictedLive objects, leaving raw data, stringData, and sensitive annotation values readable in UI and CLI diff output. A publicly available proof-of-concept exists; no KEV listing is present at time of analysis, but the Changed Scope (S:C) in the CVSS vector indicates that exposed secrets may belong to workloads beyond the Argo CD application boundary, amplifying real-world impact in multi-tenant environments.

Technical ContextAI

Argo CD's ServerSideDiff feature invokes a Kubernetes server-side dry-run to compute the predicted live state of managed resources. When a Kubernetes Secret has previously been created or updated via client-side kubectl apply, the Kubernetes API server automatically stores the full applied manifest as a JSON string in the kubectl.kubernetes.io/last-applied-configuration annotation on the live object. The server-side dry-run carries this annotation forward into the predictedLive response. The masking function HideSecretData(target, live, ...) is responsible for redacting sensitive values before diff output is returned to clients; however, it only rewrites the last-applied annotation on its second argument (live) and does not apply equivalent sanitization to the first argument, which in the ServerSideDiff code path is predictedLive rather than a clean Git-sourced target manifest. As a result, the unmasked JSON-serialized Secret - including base64-encoded data fields and plaintext sensitive metadata annotations - is returned in the diff. The affected Go package is github.com/argoproj/argo-cd/v3. CWE-200 (Information Exposure) is the root cause class: sensitive data is returned to authorized but insufficiently privileged consumers without adequate filtering, due to an incomplete application of the existing sanitization logic.

RemediationAI

The primary remediation is to upgrade Argo CD to a patched release: version 3.2.12 for 3.2.x deployments, 3.3.10 for 3.3.x deployments, or 3.4.2 for 3.4.x deployments, as confirmed by the GitHub Security Advisory at https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp. If immediate patching is not feasible, a compensating control is to disable ServerSideDiff by removing the argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true annotation from all Argo CD Application resources and avoiding the --server-side-diff CLI flag; note that this degrades diff accuracy for workloads using server-side apply and may hide legitimate drift. An additional control is to tighten Argo CD RBAC policies to restrict the applications, get and applications, action/diff permissions to only personnel who require them, reducing the pool of users who can trigger or view ServerSideDiff output; this does not eliminate the vulnerability but limits blast radius. Organizations should also audit whether any Secrets managed by Argo CD contain sensitive values in metadata annotations (not just in data/stringData), as annotation-embedded secrets are a separate hygiene concern beyond this CVE.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-45737 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy