{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6388", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-15T19:29:52.786Z", "datePublished": "2026-04-15T21:34:07.022Z", "dateUpdated": "2026-04-15T21:34:07.022Z"}, "containers": {"cna": {"title": "Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift GitOps", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-gitops-1/argocd-image-updater-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_gitops:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-6388", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458766", "name": "RHBZ#2458766", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-15T19:30:41.686Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1220", "description": "Insufficient Granularity of Access Control", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control", "workarounds": [{"lang": "en", "value": "Ensure that `AppProject` resources are configured to enforce strict tenant isolation within Red Hat OpenShift GitOps environments. Additionally, restrict the permissions of the Argo CD Image Updater controller to operate only within its designated namespaces, and limit the ability of users to create or modify `ImageUpdater` resources to trusted administrators. This reduces the risk of unauthorized cross-namespace application updates."}], "timeline": [{"lang": "en", "time": "2026-04-15T19:29:41.063Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-15T19:30:41.686Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-15T21:34:07.022Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates."}], "id": "CVE-2026-6388", "lastModified": "2026-04-15T22:17:22.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-15T22:17:22.583", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-6388"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458766"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "argocd-image-updater: ArgoCD Image Updater: Cross-Namespace Privilege Escalation via insufficient namespace validation", "id": "2458766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458766"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "status": "draft"}, "cwe": "CWE-1220", "details": ["A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates."], "mitigation": {"lang": "en:us", "value": "Ensure that `AppProject` resources are configured to enforce strict tenant isolation within Red Hat OpenShift GitOps environments. Additionally, restrict the permissions of the Argo CD Image Updater controller to operate only within its designated namespaces, and limit the ability of users to create or modify `ImageUpdater` resources to trusted administrators. This reduces the risk of unauthorized cross-namespace application updates."}, "name": "CVE-2026-6388", "package_state": [{"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-image-updater-rhel8", "product_name": "Red Hat OpenShift GitOps"}], "public_date": "2026-04-15T19:30:41Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6388\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6388"], "statement": "Critical: A cross-namespace privilege escalation flaw in Argo CD Image Updater, a component of Red Hat OpenShift GitOps, allows an attacker with permissions to create or modify `ImageUpdater` resources to trigger unauthorized image updates on applications in other namespaces. This impacts multi-tenant environments where the controller operates with broad cluster-level permissions. Red Hat OpenShift GitOps versions prior to v1.19.2 are affected.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-16T02:17:56.249336+00:00", "value": {"mitigation_remediation": ["Configure AppProject resources to enforce strict tenant isolation within Red\u00a0Hat\u00a0OpenShift\u00a0GitOps environments.", "Restrict the permissions of the Argo\u00a0CD Image Updater controller so that it can operate only within its intended namespaces.", "Limit the ability of users to create or modify ImageUpdater resources to trusted administrators only.", "Audit RBAC policies to ensure that only necessary roles have permissions to manage ImageUpdater resources.", "Deploy the latest Red\u00a0Hat\u00a0OpenShift\u00a0GitOps release once an official patch becomes available."], "summary": {"action": "Apply Workaround", "impact": "Cross\u2011namespace privilege escalation leading to unauthorized image updates and application integrity loss"}, "threat_synthesis": {"affected_systems": "Red\u00a0Hat\u00a0OpenShift\u00a0GitOps (v1 or unspecified) is the affected product, as identified by the Red\u00a0Hat CPE entry cpe:/a:redhat:openshift_gitops:1.", "description_and_impact": "The flaw lies in ArgoCD Image Updater, permitting an attacker who can create or edit an ImageUpdater resource in a multi\u2011tenant environment to bypass namespace boundaries due to insufficient validation. The attacker can trigger image updates on applications belonging to other tenants, escalating privileges across namespaces and compromising the integrity of those applications.", "risk_and_exploitability": "The CVSS score of 9.1 indicates a high\u2011severity vulnerability. While the EPSS score is not available and the vulnerability is not listed in the KEV catalog, the lack of public exploits does not mitigate the risk. Attackers need only the ability to create or edit ImageUpdater resources, a privilege that can be granted to cluster\u2011admin or project\u2011admin roles. Once granted, the attacker can perform unrestricted image updates across namespaces, effectively achieving cross\u2011namespace privilege escalation. The attack vector is inferred to be privilege\u2011based, relying on misconfigured or overly permissive RBAC."}}}}, "created": "2026-04-16T02:30:21.676666+00:00", "updated": "2026-04-16T02:30:21.676679+00:00", "vendors": []}