THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-42880 (CRITICAL 9.6) — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to ex

[NVD] CVE-2026-42880 (CRITICAL 9.6) — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to ex

lownvdPublished 2026-05-07

CVE-2026-42880 CVSS: 9.6 CRITICAL Published: 2026-05-07T23:16:32.450

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd v

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-42880