CVE-2026-6388
Received Received - Intake
Cross-Namespace Privilege Escalation in ArgoCD Image Updater

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: Red Hat, Inc.

Description
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6388
EUVD
EUVD-2026-23126
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
argocd_image_updater argocd_image_updater *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can impact you by allowing unauthorized updates to applications managed by other tenants in a multi-tenant environment.

This leads to cross-namespace privilege escalation, compromising application integrity.

As a result, attackers could potentially introduce malicious changes or disrupt application functionality.

Executive Summary

This vulnerability exists in ArgoCD Image Updater and allows an attacker who has permissions to create or modify an ImageUpdater resource in a multi-tenant environment to bypass namespace boundaries.

By exploiting insufficient validation, the attacker can cause unauthorized image updates on applications managed by other tenants.

This results in cross-namespace privilege escalation, meaning the attacker can affect applications outside their own namespace.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6388. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart