Argo CD CVE-2026-45737
MEDIUMSeverity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from Vendor (https://github.com/argoproj/argo-cd) · only source for this CVE.
CVSS VectorVendor: https://github.com/argoproj/argo-cd
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Summary
The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation.
The prior fix masks top-level Secret data in ServerSideDiff responses, but it does not fully sanitize Secret data stored inside the last-applied-configuration annotation. If a Secret was previously created or updated using client-side apply, that annotation may contain raw data, stringData, and sensitive annotations. These values can be shown in UI/CLI diffs.
Details
The ServerSideDiff endpoint returns ResourceDiff.TargetState / LiveState based on server-side dry-run output. Kubernetes server-side dry-run can return a full predicted live Secret object that carries forward existing live annotations, including:
kubectl.kubernetes.io/last-applied-configuration For Secrets created with client-side apply, that annotation can contain a JSON-serialized Secret manifest with sensitive values.
The masking path calls HideSecretData(target, live, ...). However, HideSecretData only rewrites the last-applied annotation on the second argument (live). In server-side diff, the first argument can be predictedLive, not a clean Git target. predictedLive can also contain kubectl.kubernetes.io/last-applied-configuration, so the first object’s embedded annotation can remain unmasked.
PoC
Create an app containing this Secret manifest:
apiVersion: v1
kind: Namespace
metadata:
name: last-applied-secret-repro
---
apiVersion: v1
kind: Secret
metadata:
name: secret
namespace: last-applied-secret-repro
annotations:
app: test
token: SECRETVAL
type: Opaque
data:
password: U0VDUkVUVkFM
username: U0VDUkVUVkFMCreate and Sync Argo App
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: last-applied-secret-repro
namespace: argocd
annotations:
argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
spec:
project: default
destination:
server: https://kubernetes.default.svc
namespace: last-applied-secret-repro
source:
repoURL: https://github.com/YOUR_ORG/YOUR_REPO.git
targetRevision: HEAD
path: last-applied-secret-repro
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=trueRun argo cd app diff argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false
❯ argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false
===== /Secret last-applied-secret-repro/secret ======
10c10,11
< kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","data":{"password":"++++++++","username":"++++++++"},"kind":"Secret","metadata":{"annotations":{"app":"test","argocd.argoproj.io/tracking-id":"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret","token":"SECRETVAL"},"name":"secret","namespace":"last-applied-secret-repro"},"type":"Opaque"}'
---
> kubectl.kubernetes.io/last-applied-configuration: |
> {"apiVersion":"v1","data":{"password":"U0VDUkVUVkFM","username":"U0VDUkVUVkFM"},"kind":"Secret","metadata":{"annotations":{"app":"test","argocd.argoproj.io/tracking-id":"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret","token":"SECRETVAL"},"name":"secret","namespace":"last-applied-secret-repro"},"type":"Opaque"}The secret value can be seen inside the diff
Impact
Authenticated Argo CD users who can view application diffs may be able to read Secret values that should be masked.
Impacted values include: Secret data embedded in kubectl.kubernetes.io/last-applied-configuration
AnalysisAI
Information disclosure in Argo CD v3.x exposes plaintext Kubernetes Secret values to authenticated users who can view application diffs via the ServerSideDiff feature. This is an incomplete fix for a prior vulnerability (GHSA-3v3m-wc6v-x4x3): the original patch masked top-level Secret data in ServerSideDiff responses but failed to sanitize Secret content embedded in the kubectl.kubernetes.io/last-applied-configuration annotation on predictedLive objects, leaving raw data, stringData, and sensitive annotation values readable in UI and CLI diff output. A publicly available proof-of-concept exists; no KEV listing is present at time of analysis, but the Changed Scope (S:C) in the CVSS vector indicates that exposed secrets may belong to workloads beyond the Argo CD application boundary, amplifying real-world impact in multi-tenant environments.
Technical ContextAI
Argo CD's ServerSideDiff feature invokes a Kubernetes server-side dry-run to compute the predicted live state of managed resources. When a Kubernetes Secret has previously been created or updated via client-side kubectl apply, the Kubernetes API server automatically stores the full applied manifest as a JSON string in the kubectl.kubernetes.io/last-applied-configuration annotation on the live object. The server-side dry-run carries this annotation forward into the predictedLive response. The masking function HideSecretData(target, live, ...) is responsible for redacting sensitive values before diff output is returned to clients; however, it only rewrites the last-applied annotation on its second argument (live) and does not apply equivalent sanitization to the first argument, which in the ServerSideDiff code path is predictedLive rather than a clean Git-sourced target manifest. As a result, the unmasked JSON-serialized Secret - including base64-encoded data fields and plaintext sensitive metadata annotations - is returned in the diff. The affected Go package is github.com/argoproj/argo-cd/v3. CWE-200 (Information Exposure) is the root cause class: sensitive data is returned to authorized but insufficiently privileged consumers without adequate filtering, due to an incomplete application of the existing sanitization logic.
RemediationAI
The primary remediation is to upgrade Argo CD to a patched release: version 3.2.12 for 3.2.x deployments, 3.3.10 for 3.3.x deployments, or 3.4.2 for 3.4.x deployments, as confirmed by the GitHub Security Advisory at https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp. If immediate patching is not feasible, a compensating control is to disable ServerSideDiff by removing the argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true annotation from all Argo CD Application resources and avoiding the --server-side-diff CLI flag; note that this degrades diff accuracy for workloads using server-side apply and may hide legitimate drift. An additional control is to tighten Argo CD RBAC policies to restrict the applications, get and applications, action/diff permissions to only personnel who require them, reducing the pool of users who can trigger or view ServerSideDiff output; this does not eliminate the vulnerability but limits blast radius. Organizations should also audit whether any Secrets managed by Argo CD contain sensitive values in metadata annotations (not just in data/stringData), as annotation-embedded secrets are a separate hygiene concern beyond this CVE.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-rg3g-4rw9-gqrp