Synacktiv disclosed an unpatched Argo CD repo-server flaw that can let an unauthenticated attacker execute code and potentially take over a Kubernetes cluster if the internal port is reachable. The issue affects common Helm-based deployments with network policies disabled, and defenders are urged to isolate repo-server and Redis immediately. #ArgoCD #Synacktiv #repo-server #Redis
Key points
- An unauthenticated attacker can run code through Argo CD's repo-server internal gRPC service.
- Synacktiv says the flaw can lead to full Kubernetes cluster takeover.
- The attack abuses kustomize's `--helm-command` option to execute attacker-controlled scripts.
- Helm-based Argo CD installs often leave network policies disabled by default.
- Defenders should enable network isolation for repo-server and Redis, since no patch is available.
Read More: https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html