{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/argo-cd-helm-chart/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.6,"id":"CVE-2026-62185"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Argo CD Helm Chart"],"_cs_severities":["high"],"_cs_tags":["kubernetes","misconfiguration","network-policy","rce","supply-chain"],"_cs_type":"advisory","_cs_vendors":["Argo Project"],"content_html":"\u003cp\u003eCVE-2026-62185 describes a critical misconfiguration vulnerability affecting the Argo CD Helm Chart in versions prior to 10.0.0. This flaw arises because the Helm Chart, by default, does not deploy essential network policies when installing Argo CD in a Kubernetes environment. As a result, any pod within the cluster can establish unrestricted network connections to sensitive Argo CD components, including the \u003ccode\u003erepo-server\u003c/code\u003e and other core Argo APIs. This lack of segmentation poses a significant security risk, enabling attackers who have already compromised an arbitrary pod to perform lateral movement and privilege escalation. By chaining this vulnerability with other attack techniques, malicious actors can leverage the exposed APIs to gain full cluster compromise and execute arbitrary code remotely, severely threatening the integrity and confidentiality of the Kubernetes infrastructure and its managed applications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker first obtains initial access to an arbitrary pod already running within a Kubernetes cluster that uses an affected Argo CD Helm Chart installation (prior to version 10.0.0).\u003c/li\u003e\n\u003cli\u003eFrom the compromised pod, the attacker conducts internal network reconnaissance to discover the internal service endpoints for critical Argo CD components, such as the \u003ccode\u003erepo-server\u003c/code\u003e or \u003ccode\u003eargocd-server\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the absence of default network policies configured by the Helm Chart (CVE-2026-62185), the attacker successfully establishes direct, unauthorized network connections from the compromised pod to the identified Argo CD APIs.\u003c/li\u003e\n\u003cli\u003eThe attacker then interacts with the exposed Argo CD APIs to query sensitive configuration data, modify application manifests, or initiate unauthorized deployment actions within the cluster.\u003c/li\u003e\n\u003cli\u003eThrough command injection or by introducing malicious application definitions via the accessible Argo CD APIs, the attacker injects and schedules arbitrary malicious code or container images.\u003c/li\u003e\n\u003cli\u003eThe injected malicious code executes within the Kubernetes cluster, leading to remote code execution (RCE) on a pod, an underlying node, or potentially a control plane component.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the RCE to achieve broader cluster compromise, which can result in data exfiltration, service disruption, or establishing persistent access mechanisms.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-62185 can lead to severe and widespread impact for organizations utilizing vulnerable Argo CD Helm Chart versions. The primary consequence is the potential for complete Kubernetes cluster compromise, including remote code execution within the cluster environment. This enables attackers to gain unauthorized access to sensitive data, manipulate or destroy deployed applications, and disrupt critical services and CI/CD pipelines. The vulnerability essentially nullifies network segmentation protections, allowing a breach of even a low-privileged pod to escalate into full control over the continuous delivery system and the applications it manages, leading to significant operational disruption and data integrity loss.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Argo CD Helm Chart to version 10.0.0 or later immediately to deploy network policies by default, mitigating CVE-2026-62185.\u003c/li\u003e\n\u003cli\u003eReview and implement robust network policies in your Kubernetes clusters to restrict communication between pods and critical control plane components like Argo CD APIs, as advised in the GitHub security advisory \u003ccode\u003ehttps://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eConsult the VulnCheck advisory at \u003ccode\u003ehttps://www.vulncheck.com/advisories/argo-cd-helm-chart-missing-network-policy-rce\u003c/code\u003e for additional technical context and specific remediation guidance regarding CVE-2026-62185.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T22:22:24Z","date_published":"2026-07-13T22:22:24Z","id":"https://feed.craftedsignal.io/briefs/2026-07-argo-cd-helm-chart-network-policy/","summary":"A vulnerability, CVE-2026-62185, in the Argo CD Helm Chart before version 10.0.0 fails to install network policies by default, allowing any pod within a Kubernetes cluster to access critical Argo APIs, which attackers can exploit to achieve cluster compromise and remote code execution.","title":"Argo CD Helm Chart Vulnerability Exposes Internal APIs Leading to Cluster Compromise","url":"https://feed.craftedsignal.io/briefs/2026-07-argo-cd-helm-chart-network-policy/"}],"language":"en","title":"CraftedSignal Threat Feed - Argo CD Helm Chart","version":"https://jsonfeed.org/version/1.1"}