Full Report
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to a full cluster takeover. There is no fix and no CVE. The firm says it reported the flaw to Argo CD's maintainers in
Analysis Summary
# Vulnerability: Unauthenticated RCE in Argo CD repo-server component
## CVE Details
- **CVE ID:** None Assigned (Unpatched at time of report)
- **CVSS Score:** N/A (Estimated Critical based on "Full Cluster Takeover" impact)
- **CWE:** CWE-306: Missing Authentication for Critical Function / CWE-94: Improper Control of Generation of Code (Code Injection)
## Affected Systems
- **Products:** Argo CD
- **Versions:** Demonstrated on v2.13.3; likely affects all versions prior to a pending fix.
- **Configurations:** Systems where Kubernetes Network Policies are disabled or not configured (default in some Helm chart installations).
## Vulnerability Description
The vulnerability exists within the `repo-server` component of Argo CD, which handles Git repository processing and manifest generation. The internal gRPC service for this component lacks authentication.
The flaw leverages the `kustomize` tool's `--helm-command` option. An attacker can send a crafted unauthenticated request to the `GenerateManifest` service, overriding the helm command with a malicious script hosted on an attacker-controlled Git repository. When Argo CD attempts to generate manifests, it executes the attacker's script instead of the legitimate Helm binary, leading to Remote Code Execution (RCE).
## Exploitation
- **Status:** PoC available (developed by Synacktiv; currently withheld from public release).
- **Complexity:** Medium (Requires network access to the internal `repo-server` port).
- **Attack Vector:** Network (Internal). An attacker who can reach the internal network port of the `repo-server` (e.g., via a compromised pod in the same cluster) can trigger the exploit.
## Impact
- **Confidentiality:** High (Access to internal secrets and Redis passwords).
- **Integrity:** High (Ability to poison deployment data and deploy unauthorized workloads).
- **Availability:** High (Potential for full cluster takeover).
## Remediation
### Patches
- **Status:** No patch currently available. The flaw remains unpatched as of July 2026.
### Workarounds
- **Network Isolation:** Enable Kubernetes Network Policies to restrict access to the `repo-server` and `Redis` components.
- **Helm Users:** Manually set `networkPolicy.create: true` in the Argo CD Helm chart `values.yaml`, as it is reportedly disabled by default.
- **Validation:** Run `kubectl get networkpolicy -A` to ensure policies exist for each Argo CD component.
## Detection
- **Indicators of Compromise:**
- Unexpected outbound network connections from the `repo-server` pod to unauthorized Git repositories.
- Unusual scripts being executed by the `kustomize` process.
- Unexplained changes in deployed workloads (manifest poisoning).
- **Detection Methods:** Monitor gRPC traffic to the `repo-server` for anomalous `GenerateManifest` requests containing manipulated Helm command arguments.
## References
- **Synacktiv Research:** hxxps://www[.]synacktiv[.]com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql
- **Argo CD Network Policy Documentation:** hxxps://github[.]com/argoproj/argo-cd/blob/e3bcc48bf2dc92c1f397dc28a333881106a8a653/manifests/base/repo-server/argocd-repo-server-network-policy[.]yaml
- **Related Vulnerability (Redis):** hxxps://cycode[.]com/blog/revealing-argo-cd-critical-vulnerability/ (CVE-2024-31989)