Description
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in the logic of both endpoints to inject arbitrary resources (of specific types only) into the underlying namespace of an existing Project using the API server's own permissions when that behavior was not intended. Critically, an attacker may exploit this as a vector for elevating their own permissions, which can then be leveraged to achieve remote code execution or secret exfiltration. Exfiltrated artifact repository credentials can be leveraged, in turn, to execute further attacks. In some configurations of the Kargo control plane's underlying Kubernetes cluster, elevated permissions may additionally be leveraged to achieve remote code execution or secret exfiltration using kubectl. This can reduce the complexity of the attack, however, worst case scenarios remain entirely achievable even without this. This vulnerability is fixed in v1.7.8, v1.8.11, and v1.9.3.
Published: 2026-02-20
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution/Privilege Escalation via Authorization Bypass
Action: Immediate Patch
AI Analysis

Impact

Kargo’s batch resource creation endpoints in both its legacy gRPC API and newer REST API accept multi-document YAML payloads. A flaw in the logic shared by the two endpoints lets a caller slip additional resources (of specific types only) into an existing Project’s namespace, and the API server creates them under its own Kubernetes identity rather than the caller’s, so the caller’s own RBAC is not what limits what gets created. This is an authorization bypass (CWE-863, Incorrect Authorization). The injected resources can be used to elevate the attacker’s permissions and, from there, to reach remote code execution or exfiltrate secrets, including the artifact repository credentials Kargo stores for a Project, which the description notes can be leveraged for further attacks. Because the Kargo API server runs inside the control plane’s Kubernetes cluster, the cluster’s configuration determines how far those elevated permissions reach; in some configurations kubectl alone suffices, but the worst-case outcomes do not depend on that.
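The check a batch endpoint has to apply, as an added example written for this page rather than taken from Kargo: it is not Kargo's code and does not reproduce the actual defect, which the advisory text does not detail. It assumes an illustrative allowlist of kinds (Stage, Warehouse) that a project-level caller may create, and a constructed two-document payload whose second document is a RoleBinding, standing in for the "specific types" the description says can be injected (the page does not say which types those are). The weak form bases its decision on the first document only, so later documents would be created with the server's own credentials; the strict form validates every document and fails closed before anything is created. The YAML reader is a minimal splitter for the flat manifests used here, not a YAML parser.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Doc is the subset of a Kubernetes manifest the authorization check needs.
type Doc struct {
	APIVersion string
	Kind       string
	Namespace  string
	Name       string
}

// allowedKinds is an illustrative policy, not Kargo's real one: the kinds a
// project-level caller may create through the batch endpoint.
var allowedKinds = map[string]bool{"Stage": true, "Warehouse": true}

// constructedPayload is a made-up multi-document batch. Document 0 is a
// legitimate project resource; document 1 is the kind of resource that would
// elevate the caller's permissions if the server created it on their behalf.
const constructedPayload = `---
apiVersion: kargo.akuity.io/v1alpha1
kind: Warehouse
metadata:
  name: images
  namespace: kargo-demo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: escalate
  namespace: kargo-demo
subjects:
  - kind: User
    name: attacker
roleRef:
  kind: Role
  name: kargo-admin
`

// parseBatch splits the payload on "---" separators and reads apiVersion,
// kind, metadata.name and metadata.namespace from each document. It handles
// only the flat two-level layout above; a real server would use a YAML library.
func parseBatch(payload string) []Doc {
	var docs []Doc
	for _, raw := range strings.Split(payload, "\n---") {
		var d Doc
		inMeta := false
		for _, line := range strings.Split(raw, "\n") {
			if strings.TrimSpace(line) == "" || strings.HasPrefix(line, "#") {
				continue
			}
			key, val, _ := strings.Cut(line, ":")
			val = strings.TrimSpace(val)
			indented := strings.HasPrefix(line, " ")
			switch {
			case !indented && key == "apiVersion":
				d.APIVersion = val
			case !indented && key == "kind":
				d.Kind = val
			case !indented && key == "metadata":
				inMeta = true
			case !indented: // any other top-level key ends the metadata block
				inMeta = false
			case inMeta && strings.TrimSpace(key) == "name":
				d.Name = val
			case inMeta && strings.TrimSpace(key) == "namespace":
				d.Namespace = val
			}
		}
		if d.Kind != "" {
			docs = append(docs, d)
		}
	}
	return docs
}

// weakAuthorizeBatch shows the bug class behind CWE-863: the decision is made
// from the first document only, so every later document is created with the
// server's own credentials regardless of kind or namespace.
func weakAuthorizeBatch(docs []Doc, projectNS string) error {
	if len(docs) == 0 {
		return errors.New("empty batch")
	}
	if docs[0].Namespace != projectNS || !allowedKinds[docs[0].Kind] {
		return fmt.Errorf("document 0 not permitted in project %q", projectNS)
	}
	return nil
}

// authorizeBatch checks every document and rejects the whole batch on the
// first failure, before anything is created: each document must name the
// project's namespace explicitly and be of a kind the caller may create there.
func authorizeBatch(docs []Doc, projectNS string) error {
	if len(docs) == 0 {
		return errors.New("empty batch")
	}
	for i, d := range docs {
		switch {
		case d.Namespace == "":
			return fmt.Errorf("document %d (%s/%s): namespace is required", i, d.Kind, d.Name)
		case d.Namespace != projectNS:
			return fmt.Errorf("document %d (%s/%s): namespace %q is not project %q", i, d.Kind, d.Name, d.Namespace, projectNS)
		case !allowedKinds[d.Kind]:
			return fmt.Errorf("document %d (%s/%s): kind %s may not be created via the batch endpoint", i, d.Kind, d.Name, d.Kind)
		}
	}
	return nil
}

func main() {
	docs := parseBatch(constructedPayload)
	fmt.Println("weak check:  ", weakAuthorizeBatch(docs, "kargo-demo"))
	fmt.Println("strict check:", authorizeBatch(docs, "kargo-demo"))
}
```

Run as-is, the weak check returns no error for the constructed payload while the strict check rejects document 1. The property to take from it is that in a batch endpoint the authorization decision is made per document and the whole batch is rejected on the first failure; it is never derived from one representative document, and never left to whatever the server's own Kubernetes permissions happen to allow.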

Affected Systems

The affected product is Akuity’s Kargo. Versions 1.7.0 through 1.7.7, 1.8.0 through 1.8.10, and 1.9.0 through 1.9.2 are impacted; the fixed releases are 1.7.8, 1.8.11 and 1.9.3. All three affected series accept multi‑document YAML payloads on both the legacy gRPC API and the newer REST API, and both APIs share the flawed logic.

Risk and Exploitability

The CVSS 4.0 base score is 9.4 (Critical); NVD’s CVSS 3.1 scoring is 9.9. The EPSS score of <1% and the absence of a CISA KEV listing indicate no observed exploitation at the time of writing, while the SSVC assessment marks the flaw Automatable with total technical impact. Both CVSS vectors require only low privileges (PR:L), no user interaction and network access: an authenticated Kargo user who can call the batch creation endpoints for an existing Project is enough, and the description mentions no further prerequisite. Because the injected resources are created with the API server’s permissions rather than the caller’s, that user can escalate within the control plane. Upgrading to a fixed release closes the injection path; it does not revoke anything an attacker may already have obtained, so credentials stored in Project namespaces should be rotated if exploitation is suspected.

Generated by OpenCVE AI on April 18, 2026 at 11:26 UTC.

Remediation

Vendor fix: upgrade to Kargo v1.7.8, v1.8.11 or v1.9.3 (per the description and GHSA-7g9x-cp9g-92mr). No vendor workaround is listed.

OpenCVE Recommended Actions

  • Upgrade Kargo to v1.7.8, v1.8.11 or v1.9.3, whichever matches the release series in use; these are the releases that fix the batch creation logic.
  • Until the upgrade is in place, reduce who can reach the Kargo API server at all (network exposure, identity provider membership), since the flaw is reachable by any authenticated user with access to an existing Project; limiting the batch endpoints to "authorized users" does not help, because those are the users who can exploit it.
  • Review the permissions granted to the Kargo API server’s own service account, not only user-facing RBAC: the injected resources are created with the server’s permissions, so what that identity can do in Project namespaces bounds the reach of an attack.
  • Rotate artifact repository credentials stored in Project namespaces if there is any sign the endpoints were abused, since the description names their exfiltration as a follow-on attack.


Advisories
Source: GitHub GHSA
ID: GHSA-7g9x-cp9g-92mr
Title: Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints
History

Wed, 25 Feb 2026 18:15:00 +0000

Values added:
  CPEs: cpe:2.3:a:akuity:kargo:*:*:*:*:*:kubernetes:*:*
  Metrics (cvssV3_1): {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Wed, 25 Feb 2026 09:15:00 +0000

Values added:
  Metrics (ssvc): {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:00:00 +0000

Values added:
  First Time appeared: Akuity; Akuity kargo
  Vendors & Products: Akuity; Akuity kargo

Fri, 20 Feb 2026 21:45:00 +0000

Values added:
  Description: Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in the logic of both endpoints to inject arbitrary resources (of specific types only) into the underlying namespace of an existing Project using the API server's own permissions when that behavior was not intended. Critically, an attacker may exploit this as a vector for elevating their own permissions, which can then be leveraged to achieve remote code execution or secret exfiltration. Exfiltrated artifact repository credentials can be leveraged, in turn, to execute further attacks. In some configurations of the Kargo control plane's underlying Kubernetes cluster, elevated permissions may additionally be leveraged to achieve remote code execution or secret exfiltration using kubectl. This can reduce the complexity of the attack, however, worst case scenarios remain entirely achievable even without this. This vulnerability is fixed in v1.7.8, v1.8.11, and v1.9.3.
  Title: Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints
  Weaknesses: CWE-863
  References:
  Metrics (cvssV4_0): {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-24T18:43:40.423Z

Reserved: 2026-02-17T18:42:27.042Z

Link: CVE-2026-27112

Vulnrichment

Updated: 2026-02-24T18:43:34.043Z

NVD

Status : Analyzed

Published: 2026-02-20T22:16:29.343

Modified: 2026-02-25T18:03:32.900

Link: CVE-2026-27112

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:30:44Z

Weaknesses