Description
Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most critically the cloud instance metadata endpoint (169.254.169.254), enabling exfiltration of sensitive data such as IAM credentials. These steps provide full control over request headers and methods, rendering cloud provider header-based SSRF mitigations ineffective. An authenticated attacker with permissions to create/update Stages or craft Promotion resources can exploit this by submitting a malicious Promotion manifest, with response data retrievable via Promotion status fields, Git repositories, or a second http step. This issue has been fixed in versions 1.6.4, 1.7.9, 1.8.12 and 1.9.5.
Published: 2026-03-20
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Exfiltration
Action: Immediate Patch
AI Analysis

Impact

Akuity Kargo allows an attacker to use the http and http-download promotion steps to send requests to internal link-local addresses, such as the cloud instance metadata service at 169.254.169.254. By crafting a malicious Promotion manifest, an authenticated user with permission to create or update Stages can cause Kargo to fetch arbitrary internal resources and return the payload in Promotion status fields, Git repositories, or a subsequent http step. The response data can contain sensitive IAM credentials, secrets, or other administrative information, leading to information disclosure and potential credential compromise.

Affected Systems

Affected versions of the Akuity Kargo product include 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4. All instances running any of these releases are vulnerable.

Risk and Exploitability

The Common Vulnerability Scoring System assigns a severity of 5.1, indicating a moderate impact; the Exploit Prediction Scoring System reports a likelihood of less than 1%, suggesting the vulnerability is not widely exploited yet, and it is not listed in the CISA KEV catalog. Exploitation requires an authenticated attacker who can modify Promotion resources, meaning that the attack vector likely originates from within the Kubernetes cluster or via a compromised account with sufficient privileges. Because the vulnerability bypasses typical header‑based SSRF mitigations, standard defenses may not prevent it, increasing the potential for internal network reconnaissance and credential theft.

Generated by OpenCVE AI on March 30, 2026 at 16:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest available Kargo release (1.6.4, 1.7.9, 1.8.12 or 1.9.5 or newer)
  • If upgrade is not immediately possible, restrict permissions so that only trusted users can create or update Stages and Promotion resources
  • Consider network segmentation or firewall rules to block outbound traffic from the Kargo pods to link‑local addresses such as 169.254.169.254

Generated by OpenCVE AI on March 30, 2026 at 16:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j94x-8wcp-x7hm Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
History

Mon, 30 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:akuity:kargo:*:*:*:*:*:kubernetes:*:*
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Akuity
Akuity kargo
Vendors & Products Akuity
Akuity kargo

Fri, 20 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most critically the cloud instance metadata endpoint (169.254.169.254), enabling exfiltration of sensitive data such as IAM credentials. These steps provide full control over request headers and methods, rendering cloud provider header-based SSRF mitigations ineffective. An authenticated attacker with permissions to create/update Stages or craft Promotion resources can exploit this by submitting a malicious Promotion manifest, with response data retrievable via Promotion status fields, Git repositories, or a second http step. This issue has been fixed in versions 1.6.4, 1.7.9, 1.8.12 and 1.9.5.
Title Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Weaknesses CWE-918
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N'}

Subscriptions

Akuity Kargo
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-25T14:38:54.598Z

Reserved: 2026-03-16T17:35:36.698Z

Link: CVE-2026-32828

cve-icon Vulnrichment

Updated: 2026-03-25T14:36:57.185Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T01:15:56.110

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-32828

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T20:59:03Z

Weaknesses