Argo CD, a widely adopted tool for continuous deployment in Kubernetes environments, has been found to contain a critical vulnerability in its repo-server component. This flaw allows unauthenticated attackers to execute arbitrary code, potentially leading to full control over affected Kubernetes clusters.
The vulnerability resides in the repo-server’s internal gRPC service, which lacks authentication mechanisms. This oversight enables any entity with network access to the service to send specially crafted requests that can execute commands on the server. Security researchers demonstrated this exploit on Argo CD version 2.13.3 and noted that no patched release is currently available.
The attack leverages the ‘kustomize’ tool, integral to Argo CD’s process of transforming repository files into Kubernetes manifests. By manipulating the ‘--helm-command’ option within kustomize, an attacker can substitute the expected ‘helm’ binary with a malicious script hosted in a controlled Git repository. When kustomize executes, it runs the malicious script instead of the legitimate ‘helm’ command.
Compounding the issue, default configurations in Argo CD’s Helm chart leave Kubernetes network policies disabled (with ‘networkPolicy.create’ set to ‘false’). This default setting allows any compromised pod within the cluster to access the repo-server, thereby facilitating the exploit.
Once an attacker gains code execution on the repo-server, they can extract sensitive information, such as the Redis password stored in environment variables. With this credential, the attacker can connect to Argo CD’s Redis cache and manipulate deployment data. During the next synchronization, Argo CD would deploy the attacker’s specified workload, effectively granting them control over the cluster.
This method echoes a previous vulnerability, CVE-2024-31989, where the absence of a Redis password allowed unauthorized modification of deployment data. Although a password was later implemented, the lack of cache signing means that if an attacker obtains the password, they can still exploit the system in a similar manner.
Mitigation Strategies
In the absence of an official patch, it is crucial to implement network isolation measures. Enabling Kubernetes network policies can restrict access to the repo-server and Redis ports, allowing only Argo CD’s own components to communicate with them. While Argo CD provides the necessary policy files, users deploying via Helm must manually activate them, as the default settings leave these policies disabled.
Administrators can verify the activation of network policies by executing the command: ‘kubectl get networkpolicy -A’. A secure setup should display a network policy for each component, including the repo-server and Redis. If these policies are absent, it indicates that the repo-server and Redis ports are accessible from other parts of the cluster, posing a significant security risk.
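As an added example, not taken from the article or from the Argo CD project, the following POSIX shell check applies the verification step above to the output of kubectl and reports which components still lack a NetworkPolicy. The ‘argocd’ namespace, the policy naming scheme argocd-<component>-network-policy, and the Helm chart name are assumptions.

```shell
#!/bin/sh
# Added example, not from the article or the Argo CD project.
# Report Argo CD components that still have no NetworkPolicy, using the
# output of:  kubectl get networkpolicy -n argocd -o name
# Assumptions: namespace "argocd" and policy names of the form
# argocd-<component>-network-policy (the upstream naming convention).
# To turn the policies on when deploying via Helm (chart name assumed):
#   helm upgrade argocd argo/argo-cd -n argocd --set networkPolicy.create=true

# Components the article says must be isolated, plus the two that talk to them.
REQUIRED_COMPONENTS="repo-server redis server application-controller"

# missing_policies POLICY_LIST
#   POLICY_LIST: newline-separated "kubectl ... -o name" output.
#   Prints the space-separated components with no matching policy.
#   Exit status 0 when every component is covered, 1 otherwise.
missing_policies() {
    policies=$1
    missing=""
    for comp in $REQUIRED_COMPONENTS; do
        expected="networkpolicy.networking.k8s.io/argocd-${comp}-network-policy"
        # -x: whole-line match, -F: literal (dots in the name are not wildcards)
        if ! printf '%s\n' "$policies" | grep -qxF -- "$expected"; then
            missing="${missing}${comp} "
        fi
    done
    printf '%s\n' "${missing% }"
    [ -z "$missing" ]
}

# Constructed sample: a deployment where only two policies exist and the
# repo-server and Redis ports are left reachable from the rest of the cluster.
SAMPLE_OUTPUT="networkpolicy.networking.k8s.io/argocd-server-network-policy
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy"

# Run against the live cluster with "--live", otherwise against the sample.
if [ "${1:-}" = "--live" ]; then
    input=$(kubectl get networkpolicy -n argocd -o name)
else
    input=$SAMPLE_OUTPUT
fi
if missing=$(missing_policies "$input"); then
    echo "OK: every Argo CD component has a NetworkPolicy"
else
    echo "RISK: no NetworkPolicy for: $missing"
fi
```

Against the constructed sample the script reports repo-server and redis as uncovered, which is exactly the state the article describes for a default Helm install.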
Security researchers have developed a tool named ‘argo-cdown’ to automate the exploitation process. However, they are withholding its release to provide organizations time to secure their deployments by configuring appropriate network policies. The tool is expected to be made available on GitHub in the near future, allowing administrators to test their systems’ resilience against this vulnerability.
This incident is part of a series of security challenges faced by Argo CD. In September 2025, a vulnerability (CVE-2025-55190) was addressed, where API tokens with basic read access could retrieve Git repository credentials. More recently, in May 2026, another flaw (CVE-2026-42880) was discovered, enabling users with read-only permissions to access plaintext Kubernetes secrets. These recurring issues highlight the critical need for robust security measures within GitOps tools like Argo CD.
The persistence of such vulnerabilities underscores the importance of treating GitOps infrastructure as a high-security priority. Organizations must proactively implement stringent network policies and regularly audit their configurations to mitigate potential risks. Until an official patch is released, maintaining strict network isolation remains the most effective defense against this exploit.