Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Workaround
Limit network access to the Argo CD repo-server gRPC endpoint to trusted internal components using Kubernetes NetworkPolicy or equivalent network access controls. Do not expose the repo-server outside the cluster or to untrusted networks. Restrict access to the associated Redis service and update to a fixed version once one becomes available.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | ||
| Vendors & Products |
Redhat ansible Portal
|
Tue, 14 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise. | |
| Title | Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint | |
| First Time appeared |
Redhat
Redhat ansible Portal Redhat openshift Data Foundation Redhat openshift Gitops |
|
| Weaknesses | CWE-306 | |
| CPEs | cpe:/a:redhat:ansible_portal:2 cpe:/a:redhat:openshift_data_foundation:4 cpe:/a:redhat:openshift_gitops:1 |
|
| Vendors & Products |
Redhat
Redhat ansible Portal Redhat openshift Data Foundation Redhat openshift Gitops |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-14T09:36:27.643Z
Reserved: 2026-07-10T14:49:39.682Z
Link: CVE-2026-15416
No data.
No data.
No data.
OpenCVE Enrichment
No data.