Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-62185: Initialization of a Resource with an Insecure Default in argoproj argo-helm

0
High
VulnerabilityCVE-2026-62185cvecve-2026-62185
Published: 07/13/2026 (07/13/2026, 21:31:23 UTC)
Source: CVE Database V5
Vendor/Project: argoproj
Product: argo-helm

Description

Argo CD Helm Chart versions before 10.0.0 do not install network policies by default. This misconfiguration allows any pod within the Kubernetes cluster to access the repo-server and other Argo APIs. Such unrestricted network access can be exploited by attackers through combined attack vectors to potentially compromise the cluster and achieve remote code execution.

CVSS v4.0

Score 8.6high

Attack Vector
Adjacent Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Vuln. Confidentiality
High
Vuln. Integrity
High
Vuln. Availability
Low
Subsq. Confidentiality
None
Subsq. Integrity
None
Subsq. Availability
None
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Affected software

GitHub Actionsmore threats →cve
argo-helm
pkg:github/argo-helm
Affected versions
<10.0.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 22:02:51 UTC

Technical Analysis

CVE-2026-62185 describes a vulnerability in the Argo CD Helm Chart prior to version 10.0.0 where network policies are not installed by default. This results in an insecure default configuration that permits any pod in the cluster to communicate with the repo-server and other Argo APIs without restriction. The lack of network segmentation increases the attack surface, enabling attackers to leverage this access in combination with other exploits to compromise the Kubernetes cluster and execute code remotely. The CVSS 4.0 score of 8.6 reflects a high severity with attack vector being adjacent network, low attack complexity, and no user interaction required.

Potential Impact

The vulnerability allows unauthorized pods within the cluster to access critical Argo CD components, such as the repo-server and APIs. This can lead to cluster compromise and remote code execution if attackers chain this access with other vulnerabilities or misconfigurations. The impact is significant as it undermines the isolation and security boundaries within the Kubernetes environment managed by Argo CD.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix or update is available, users should manually configure and enforce network policies to restrict pod-to-pod communication and limit access to the repo-server and Argo APIs. Monitoring vendor channels for updates regarding an official fix or recommended configuration changes is advised.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
VulnCheck
Date Reserved
2026-07-13T16:36:32.095Z
Cvss Version
4.0
State
PUBLISHED
Remediation Level
null

Threat ID: 6a555d1768715ace43ecab5d

Added to database: 07/13/2026, 21:48:07 UTC

Last enriched: 07/13/2026, 22:02:51 UTC

Last updated: 07/13/2026, 22:52:05 UTC

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses