CVE-2026-15416 (GCVE-0-2026-15416)
Vulnerability from cvelistv5 – Published: 2026-07-14 08:56 – Updated: 2026-07-15 14:39
VLAI
EPSS
VEX
Title
Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint
Summary
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise.
Severity
8.9 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
6 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| argoproj | argo-helm |
Affected:
0 , < 10.0.0
(semver)
|
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift GitOps |
cpe:/a:redhat:openshift_gitops:1 |
Date Public
2026-07-01 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T14:39:38.453802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:39:52.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/argoproj/argo-helm",
"defaultStatus": "unaffected",
"packageName": "argo-helm",
"product": "argo-helm",
"vendor": "argoproj",
"versions": [
{
"lessThan": "10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "odf4/odf-multicluster-rhel9-operator",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "unknown",
"packageName": "openshift-gitops-1/argocd-agent-rhel8",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "unaffected",
"packageName": "openshift-gitops-1/argocd-agent-rhel9",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "unaffected",
"packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/argocd-rhel8",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "unknown",
"packageName": "openshift-gitops-1/argocd-rhel9",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-operator-bundle",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-rhel8",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"packageName": "openshift-gitops-1/gitops-rhel8-operator",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "unaffected",
"packageName": "openshift-gitops-1/gitops-rhel9",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "unaffected",
"packageName": "openshift-gitops-1/gitops-rhel9-operator",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
}
],
"datePublic": "2026-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T13:46:03.711Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-15416"
},
{
"name": "RHBZ#2496732",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496732"
},
{
"url": "https://github.com/argoproj/argo-helm/commit/0f245ab"
},
{
"url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8"
},
{
"url": "https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html"
},
{
"url": "https://www.synacktiv.com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-03T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-07-01T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint",
"workarounds": [
{
"lang": "en",
"value": "Limit network access to the Argo CD repo-server gRPC endpoint to trusted internal components using Kubernetes NetworkPolicy or equivalent network access controls. Do not expose the repo-server outside the cluster or to untrusted networks. Restrict access to the associated Redis service and update to a fixed version once one becomes available."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-15416",
"datePublished": "2026-07-14T08:56:29.942Z",
"dateReserved": "2026-07-10T14:49:39.682Z",
"dateUpdated": "2026-07-15T14:39:52.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-15416",
"date": "2026-07-15",
"epss": "0.00281",
"percentile": "0.20023"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-15416\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-07-14T09:16:40.590\",\"lastModified\":\"2026-07-15T15:16:28.067\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise.\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"vendor\":\"argoproj\",\"product\":\"argo-helm\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://github.com/argoproj/argo-helm\",\"packageName\":\"argo-helm\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"10.0.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"odf4/odf-multicluster-rhel9-operator\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-agent-rhel8\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-agent-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-image-updater-rhel8\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-image-updater-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-rhel8\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/argocd-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/gitops-operator-bundle\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/gitops-rhel8\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/gitops-rhel8-operator\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/gitops-rhel9\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"openshift-gitops-1/gitops-rhel9-operator\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L\",\"baseScore\":8.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-15T14:39:38.453802Z\",\"id\":\"CVE-2026-15416\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-15416\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2496732\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/argoproj/argo-helm/commit/0f245ab\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.synacktiv.com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql\",\"source\":\"secalert@redhat.com\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-14T14:00:52+00:00",
"cve": "CVE-2026-15416",
"id": "CVE-2026-15416",
"initial_release_date": "2026-07-01T00:00:00+00:00",
"product_status:known_affected": "7",
"product_status:known_not_affected": "5",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "argo-cd: Argo CD unauthenticated remote code execution in repo-server via GenerateManifest gRPC endpoint",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-15416.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint\", \"metrics\": [{\"other\": {\"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}, \"type\": \"Red Hat severity rating\"}}, {\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"ADJACENT_NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 8.9, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L\", \"version\": \"3.1\"}, \"format\": \"CVSS\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise.\"}], \"affected\": [{\"vendor\": \"argoproj\", \"product\": \"argo-helm\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.0.0\", \"versionType\": \"semver\"}], \"packageName\": \"argo-helm\", \"collectionURL\": \"https://github.com/argoproj/argo-helm\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"odf4/odf-multicluster-rhel9-operator\", \"defaultStatus\": \"unaffected\", \"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/argocd-agent-rhel8\", \"defaultStatus\": \"unknown\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/argocd-agent-rhel9\", \"defaultStatus\": \"unaffected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/argocd-image-updater-rhel8\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/argocd-image-updater-rhel9\", \"defaultStatus\": \"unaffected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/argocd-rhel8\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/argocd-rhel9\", \"defaultStatus\": \"unknown\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/gitops-operator-bundle\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/gitops-rhel8\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/gitops-rhel8-operator\", \"defaultStatus\": \"affected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/gitops-rhel9\", \"defaultStatus\": \"unaffected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"openshift-gitops-1/gitops-rhel9-operator\", \"defaultStatus\": \"unaffected\", \"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"]}], \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-15416\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2496732\", \"name\": \"RHBZ#2496732\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/argoproj/argo-helm/commit/0f245ab\"}, {\"url\": \"https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8\"}, {\"url\": \"https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html\"}, {\"url\": \"https://www.synacktiv.com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql\"}], \"datePublic\": \"2026-07-01T00:00:00.000Z\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-306\", \"description\": \"Missing Authentication for Critical Function\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"x_redhatCweChain\": \"CWE-306: Missing Authentication for Critical Function\", \"workarounds\": [{\"lang\": \"en\", \"value\": \"Limit network access to the Argo CD repo-server gRPC endpoint to trusted internal components using Kubernetes NetworkPolicy or equivalent network access controls. Do not expose the repo-server outside the cluster or to untrusted networks. Restrict access to the associated Redis service and update to a fixed version once one becomes available.\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-07-03T00:00:00.000Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-07-01T00:00:00.000Z\", \"value\": \"Made public.\"}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-07-14T13:46:03.711Z\"}, \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-15416\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-15T14:39:38.453802Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-15T14:08:40.669Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-15416\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"redhat\", \"dateReserved\": \"2026-07-10T14:49:39.682Z\", \"datePublished\": \"2026-07-14T08:56:29.942Z\", \"dateUpdated\": \"2026-07-15T14:39:52.411Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…