Security Flaw in Argo CD Can Let Attackers Take Over Kubernetes Clusters
Argo CD has become a widely popular open source tool for developers who use GitOps for deploying cloud-native applications to Kubernetes. For cyberthreat actors who are already increasingly focusing their attention on software developers, that could make Argo CD an attractive target.
According to researchers with French cybersecurity company Synacktiv, there is an unpatched security flaw in Argo CD that, if exploited, could allow an unauthenticated attacker to execute code and gain control of Kubernetes deployments.
Synacktiv researchers discovered the vulnerability more than a year ago, reporting it to Argo CD’s maintainers in January 2025 and warning that it could lead to bad actors gaining full control of a Kubernetes cluster. However, despite multiple attempts to work with the maintainers and develop a fix, the bug is still unpatched, according to Hugo Vincent, security expert at Synacktiv.
“We have decided to publish this post to alert the community to the risk so that users can protect their environments,” Vincent wrote in a report.
Argo CD Sits at the Top of the Charts
Exploitation of the security flaw could have a significant ripple effect through the growing community of Argo CD users. A 2023 survey by the Argo Project – which is managed by the Cloud Native Computing Foundation – found that 93% of respondents use the tool in their production environments.
Two years later, a survey of 660 IT professionals by Octopus Deploy found that of the companies that align with GitOps practices, about 50% use Argo CD. The next most popular platform was Flux, at 11%.
Synacktiv’s Vincent wrote that with Argo CD, developers are able to streamline their application deployments. It’s based on GitOps, an approach to infrastructure and application deployment that uses Git repositories as a “single source of truth.” GitOps uses infrastructure-as-code (IaC) to ensure that infrastructure configurations are applied automatically, which offers users an efficient way to manage Kubernetes clusters.
‘An Attractive Target for Attackers’
“To function effectively and deploy resources in Kubernetes clusters, Argo CD requires significant privileges within the cluster,” he wrote. “Additionally, it has access to private Git repositories, making it an attractive target for attackers.”
The flaw affects Argo CD’s repo-server component, Vincent wrote. The repo-server is essentially a bridge between a developer’s source control and their Kubernetes clusters, cloning Git repositories, processing template tools like Helm and Kustomize, and creating the final Kubernetes manifests used to deploy applications.
“In this process, a user initiates an API call to the API server requesting manifest generation,” Vincent wrote. “The API server then forwards certain parameters from the original request, and if an administrator has defined the KustomizeOptions struct, it gets embedded in a gRPC request sent to the repo-server.”
A problem is that the gRPC server exposed by the repo-server lacks authentication, which means that if a bad actor can access it, they can gain unauthenticated remote code execution (RCE) by putting in their own KustomizeOptions, which allows them to control the build options.
Some Steps Needed for Exploitation
Exploiting the flaw is “fairly straightforward,” he wrote. An attacker needs only to make a gRPC call that includes the required parameters. That said, reaching arbitrary code execution takes a few more steps, including using the BuildOptions in KustomizeOptions because the kustomize binary includes parameters that can lead to arbitrary code execution.
Argo CD uses kustomize, a tool used by developers in the Kubernetes ecosystem to manage and customize Kubernetes manifests.
What Synacktiv researchers found was that adding a “dummy application” to the cluster gave them internal access, which was needed to exploit the vulnerability. Argo CD includes Kubernetes network policies that are designed to isolate the repo-server from everything else except the components it holds, according to Vincent.
The problem is that the Helm chart, which is one way to install Argo CD, doesn’t include those policies by default. Given that, a bad actor that can get a foothold in the cluster through a compromised pod – the dummy application – can exploit the internal access to exploit the vulnerability.
Accessing the Redis Database
The researchers used the flaw to get the Redis password from the repo-server and gain access into the Argo CD Redis database.
“With our tool, we can execute the entire scenario. The first step is to add the new manifest to the mfst entry [and then] modify or add the associated git-ref entry,” Vincent wrote. “After a short period of time the malicious manifest will be deployed. At this point an attacker would be able to deploy arbitrary manifests in the cluster, thus compromising it.”
He added that applying strict network policies should be enough to prevent exploitation of the bug until a fix becomes available.
“To give defenders a head start on applying these policies, we are temporarily delaying the release of our exploitation tool, argo-cdown,” Vincent wrote. “It will be made available on our GitHub at a later date so administrators can safely verify if their deployments are vulnerable.”


