Skip to main content

Red Hat Openshift Gitops CVE-2026-6388

| EUVDEUVD-2026-23126 CRITICAL
Insufficient Granularity of Access Control (CWE-1220)
2026-04-15 redhat GHSA-mx9c-q7m4-fm97
9.1
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Red Hat
9.1 HIGH
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

2
EUVD ID Assigned
Apr 15, 2026 - 22:00 euvd
EUVD-2026-23126
CVE Published
Apr 15, 2026 - 21:34 nvd
CRITICAL 9.1

DescriptionCVE.org

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates.

Analysis

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Share

CVE-2026-6388 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy