Unpatched Argo CD Repo-Server RCE Enables Kubernetes Cluster Takeover
Researchers disclosed an unpatched, unauthenticated remote code execution flaw in Argo CD's repo-server that can be exploited through the gRPC GenerateManifest endpoint by anyone who can reach the internal service port. The attack chain abuses Argo CD's handling of Kustomize options: a crafted request can pass attacker-controlled settings such as --enable-helm and --helm-command. Because --helm-command tells Kustomize which executable to run as "helm", pointing it at a file in a malicious Git repository causes that file to be executed on the repo-server host during manifest generation.
Synacktiv said it reported the issue to Argo CD maintainers in January 2025, but no patch or CVE had been issued at the time of disclosure. After achieving code execution, the researchers demonstrated theft of the REDIS_PASSWORD environment variable and poisoning of Argo CD's Redis-backed manifest cache to force deployment of attacker-controlled manifests on the next sync. Since the application controller applies whatever it reads from that cache with its own (typically cluster-admin) credentials, this creates a path to full Kubernetes cluster compromise. The reported mitigation is to enforce Kubernetes network policies that restrict access to the repo-server and Redis to trusted Argo CD components; those protections are not enabled by default in common Helm-based deployments.
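The following is an added example of the mitigation described above; it is not taken from the Synacktiv write-up or the Argo CD project. It assumes Argo CD is installed in the `argocd` namespace with the upstream label scheme (`app.kubernetes.io/name=argocd-repo-server`, `argocd-redis`, `argocd-server`, `argocd-application-controller`, `argocd-applicationset-controller`, `argocd-notifications-controller`), that the repo-server listens on TCP 8081 and a single Redis on TCP 6379, and that your CNI actually enforces NetworkPolicy. Adjust the selectors if your chart values rename components or you run redis-ha.

```yaml
# Added example (not Argo CD's or Synacktiv's code). Assumes upstream
# component labels, repo-server on 8081, single Redis on 6379, namespace argocd.
# Default-deny ingress for the repo-server, then allow only the Argo CD
# components that legitimately call GenerateManifest.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-repo-server-ingress
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-repo-server
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-applicationset-controller
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-notifications-controller
      ports:
        - protocol: TCP
          port: 8081
---
# Same pattern for Redis: only the components that read or write the
# manifest cache may connect, so a foothold elsewhere in the cluster
# cannot poison it even if REDIS_PASSWORD leaks.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: argocd-redis-ingress
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: argocd-redis
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-repo-server
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: argocd-application-controller
      ports:
        - protocol: TCP
          port: 6379
```

Apply with `kubectl apply -f` and confirm with `kubectl get networkpolicy -n argocd`. Then verify enforcement rather than assuming it: from a throwaway pod in another namespace (or an unlabelled pod in `argocd`), a TCP connection to `argocd-repo-server.argocd.svc:8081` or `argocd-redis.argocd.svc:6379` should time out, while the Argo CD UI and syncs keep working. If the probe still connects, the cluster's CNI is not enforcing NetworkPolicy and the mitigation is a no-op. Note that the repo-server policy above also blocks scraping of its metrics port; add a rule for your monitoring namespace if you rely on it.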

How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Synacktiv publicly discloses unpatched Argo CD RCE chain
On July 1, 2026, Synacktiv published technical details of an unpatched Argo CD repo-server attack chain that enables unauthenticated command execution through crafted Kustomize options. The disclosure also described post-exploitation access to Redis, cache poisoning, and potential Kubernetes cluster compromise, while noting no patch or CVE had been issued.
Synacktiv reports Argo CD repo-server flaws to maintainers
Synacktiv said it responsibly disclosed an attack chain in Argo CD's repo-server component to Argo CD maintainers in January 2025. The issue involved unauthenticated remote code execution via the GenerateManifest gRPC endpoint and remained unpatched afterward.