Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Synacktiv disclosed an unpatched flaw in the Argo CD repo-server that lets an unauthenticated attacker execute code on the repo-server, and from there potentially take over the Kubernetes cluster, whenever the service's internal port is reachable. The issue matters most for Helm-chart-based deployments, which commonly ship with network policies disabled; defenders are urged to isolate the repo-server and Redis immediately.

Keypoints

  • An unauthenticated attacker who can reach the repo-server's internal gRPC service can run code on it.
  • Synacktiv says the flaw can lead to full Kubernetes cluster takeover.
  • The attack abuses kustomize's `--helm-command` option to execute attacker-controlled scripts.
  • Helm-based Argo CD installs often leave network policies disabled by default.
  • No patch is available, so defenders should enforce network isolation for the repo-server and Redis now.
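The mitigation in the last point, written out as an added example (this is not Synacktiv's or the Argo CD project's code, and the article itself contains none). It assumes Argo CD runs in the `argocd` namespace with the upstream `app.kubernetes.io/name` labels, that the repo-server listens on 8081 (gRPC) and 8084 (metrics), that Redis listens on 6379, that the set of legitimate repo-server clients is the API server, application controller, applicationset controller and notifications controller, and that the argo-helm chart exposes the `global.networkPolicy.create` value; verify each of these against your own manifests and chart version. The policies only have effect on a CNI that enforces NetworkPolicy.

```yaml
# Added example: isolate Argo CD repo-server and Redis with NetworkPolicy.
# Assumptions (not from the article): namespace "argocd", upstream
# app.kubernetes.io/name labels, repo-server on 8081 (gRPC) / 8084 (metrics),
# Redis on 6379, and a CNI that enforces NetworkPolicy (otherwise inert).

# --- argo-helm values: weak default beside the corrected setting ---
# (values key assumed from the argo-cd chart; check your chart version)
#   global:
#     networkPolicy:
#       create: false         # default: repo-server:8081 reachable from any pod
# Corrected:
#   global:
#     networkPolicy:
#       create: true
#       defaultDenyIngress: true

---
# repo-server: only Argo CD's own controllers may reach the gRPC port;
# metrics stay open to an assumed "monitoring" namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-repo-server-isolate
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-applicationset-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-notifications-controller
      ports:
        - port: 8081
          protocol: TCP
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring   # assumed namespace
      ports:
        - port: 8084
          protocol: TCP
---
# Redis: only the Argo CD components that cache through it may connect.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-redis-isolate
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-redis
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-repo-server
      ports:
        - port: 6379
          protocol: TCP
```

Apply with `kubectl apply -f`, then confirm the isolation from a pod in an unrelated namespace: a TCP connect to `argocd-repo-server.argocd.svc:8081` and to `argocd-redis.argocd.svc:6379` should time out rather than complete. If you use the Helm chart with its own policy objects enabled, check the generated policies with `kubectl get networkpolicy -n argocd -o yaml` rather than adding a second, overlapping set.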

Read More: https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html