No Patch, No CVE: Argo CD Repo-Server Flaw Opens Door to Kubernetes Cluster Takeover
Synacktiv reported the unauthenticated RCE bug to maintainers. There's still no fix.

An unpatched bug in Argo CD's repo-server component lets an unauthenticated attacker run arbitrary code on the host — and, from there, seize the Kubernetes cluster it manages.
The flaw was reported by offensive-security firm Synacktiv. There is no CVE assigned. There is no vendor patch.
Argo CD is a GitOps continuous-delivery tool used to push application manifests into Kubernetes clusters. The repo-server is the internal component responsible for cloning Git repositories and rendering Kubernetes manifests. It is not intended to be exposed to end users, and it does not require authentication for the gRPC calls it accepts on its internal port. That design assumption is the problem.
Any attacker who can reach the repo-server's port on the pod network can trigger the code-execution path. In a typical cluster, that includes any workload sharing the network namespace, any pod that escapes its intended network policy, or anything on an adjacent segment where Argo CD's namespace is reachable. Once code runs inside the repo-server pod, the service account token mounted into that pod is available. Argo CD's service accounts are, by design, powerful. Cluster-admin escalation follows.
Synacktiv says it disclosed the issue to the Argo CD maintainers and is publishing without a fix in place. The project has not issued a security advisory at the time of writing, and no mitigation has been shipped through the standard release channels at argo-cd.readthedocs.io.
There is no regulator with clean jurisdiction here — this is a software supply-chain risk, not a personal-data exposure — but operators running Argo CD in production regulated environments (PCI, HIPAA, UK GDPR) should treat an unauthenticated RCE in their deployment pipeline as a material control failure until remediated.
What Argo CD operators should do now:
- Restrict network access to the repo-server pod. NetworkPolicy should allow ingress only from the application-controller and API server pods within the argocd namespace. Nothing else on the cluster should be able to dial its gRPC port.
- Audit the service account bound to the repo-server deployment. Trim cluster-wide permissions where possible; the repo-server itself does not need broad cluster access to render manifests.
- Review egress. The repo-server pulls from Git and Helm registries — lock those destinations down so a compromised pod cannot exfiltrate freely.
- Watch for the vendor advisory. Subscribe to the argo-cd GitHub security advisories feed and be ready to roll a patched image the moment one lands.
One more thing worth saying plainly: if your Argo CD instance is reachable from the public internet, or from a shared tenancy network, assume you are in scope. The absence of a CVE identifier does not mean the absence of a bug. It just means the paperwork hasn't caught up.



