{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6388", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-15T19:29:52.786Z", "datePublished": "2026-04-15T21:34:07.022Z", "dateUpdated": "2026-04-15T21:34:07.022Z"}, "containers": {"cna": {"title": "Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift GitOps", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-gitops-1/argocd-image-updater-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_gitops:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6388", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458766", "name": "RHBZ#2458766", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-15T19:30:41.686Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1220", "description": "Insufficient Granularity of Access Control", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control", "workarounds": [{"lang": "en", "value": "Ensure that `AppProject` resources are configured to enforce strict tenant isolation within Red Hat OpenShift GitOps environments. Additionally, restrict the permissions of the Argo CD Image Updater controller to operate only within its designated namespaces, and limit the ability of users to create or modify `ImageUpdater` resources to trusted administrators. This reduces the risk of unauthorized cross-namespace application updates."}], "timeline": [{"lang": "en", "time": "2026-04-15T19:29:41.063Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-15T19:30:41.686Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-15T21:34:07.022Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates."}], "id": "CVE-2026-6388", "lastModified": "2026-04-15T22:17:22.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-15T22:17:22.583", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-6388"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458766"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{}