
CVE-2026-42880: Argo CD's ServerSideDiff Endpoint Leaks Kubernetes Secrets to Read-Only Users

2026-05-14 · 6 min read · Cloudwalker IT

Argo CD versions 3.2.0–3.2.10 and 3.3.0–3.3.8 contain a critical flaw (CVSS 9.6, GHSA-3v3m-wc6v-x4x3) where a single authenticated user with no more than read-only access can extract plaintext Kubernetes Secret data from any Application the instance manages. Published 7 May 2026, it is patched in v3.2.11 and v3.3.9. A proof-of-concept Python script using the grpc-web protocol is publicly available.

What Changed

The root cause is a masking gap in the ServerSideDiff gRPC/REST endpoint. Every other Argo CD endpoint that returns resource state — GetManifests, GetManifestsWithFiles, GetResource, PatchResource — calls hideSecretData() before responding. ServerSideDiff does not. Instead it returns raw PredictedLive and NormalizedLive fields populated via the Kubernetes API server's Server-Side Apply (SSA) dry-run mechanism, which reads directly from live etcd state.
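The masking step the other endpoints perform and ServerSideDiff skips is simple to state: before a live-state object leaves the API, any Secret payload in it is replaced with a placeholder. The following is an added illustration of that step, written for this post; it is not Argo CD's hideSecretData() and does not reproduce its code. The field names predictedLive and normalizedLive follow the advisory's description, the placeholder string and the sample Secret are constructed for the example.

```python
import copy
import json

# Redaction marker used by this example; it is an assumption of the example,
# not a value taken from the advisory or from Argo CD's source.
REDACTED = "++++++++"

# Constructed sample Secret; the values are base64 of made-up strings.
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-creds", "namespace": "payments"},
    "type": "Opaque",
    "data": {"username": "YXBw", "password": "c3VwZXJzZWNyZXQ="},
}

# Constructed stand-in for a diff response: each live-state field carries the
# object as a JSON string, one for the predicted and one for the normalized view.
SAMPLE_DIFF_RESPONSE = {
    "predictedLive": json.dumps(SAMPLE_SECRET),
    "normalizedLive": json.dumps(SAMPLE_SECRET),
}


def hide_secret_data(obj):
    """Return a copy of a Kubernetes object with Secret payloads redacted.

    Keys under .data and .stringData are kept so a diff can still show which
    entries changed; only the values are replaced. Non-Secret objects pass
    through untouched.
    """
    if not isinstance(obj, dict) or obj.get("kind") != "Secret":
        return obj
    masked = copy.deepcopy(obj)
    for field in ("data", "stringData"):
        if isinstance(masked.get(field), dict):
            masked[field] = {key: REDACTED for key in masked[field]}
    return masked


def mask_diff_response(resp):
    """Redact every live-state field of a diff response before it is returned.

    A field may hold the object as a JSON string or as an already-parsed dict;
    both forms are handled so a caller cannot skip masking by accident.
    """
    out = dict(resp)
    for field in ("predictedLive", "normalizedLive"):
        value = out.get(field)
        if isinstance(value, str) and value:
            out[field] = json.dumps(hide_secret_data(json.loads(value)))
        elif isinstance(value, dict):
            out[field] = hide_secret_data(value)
    return out


def leaks_plaintext(resp, needle):
    """True if the encoded secret value still appears anywhere in the response."""
    return any(needle in json.dumps(value) for value in resp.values())


if __name__ == "__main__":
    masked = mask_diff_response(SAMPLE_DIFF_RESPONSE)
    print("before masking, leaks password:", leaks_plaintext(SAMPLE_DIFF_RESPONSE, "c3VwZXJzZWNyZXQ="))
    print("after masking, leaks password: ", leaks_plaintext(masked, "c3VwZXJzZWNyZXQ="))
    print(json.dumps(json.loads(masked["predictedLive"])["data"]))
```

The design point is that masking is applied to the response object as a whole rather than at the call site that happens to remember it, which is exactly the class of omission the advisory describes.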

Argo CD has a partial defence: removeWebhookMutation() strips fields not owned by Argo CD from the SSA dry-run response. When argocd-controller is the sole SSA field manager for a Secret's data fields, the dry-run call garbage-collects them and they don't survive in the response. This defence breaks in two ways:

  1. Any Secret that has a second SSA field manager — kube-controller-manager, Helm, cert-manager, or an operator — retains data field ownership outside Argo CD, so the dry-run returns the real values.
  2. Setting the annotation argocd.argoproj.io/compare-options: IncludeMutationWebhook=true on an Application disables removeWebhookMutation() entirely, bypassing the partial defence regardless of field ownership.
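Both conditions are visible in objects you already have read access to: field ownership is recorded in each Secret's metadata.managedFields, and the annotation sits on the Application. The audit below is an added example written for this post, not a tool from the Argo CD project; it takes the JSON that kubectl get secrets -A -o json --show-managed-fields and kubectl get applications -A -o json produce, and flags Secrets whose .data or .stringData keys are owned by any manager other than argocd-controller, and Applications whose compare-options annotation enables IncludeMutationWebhook. The sample objects are constructed, and the audit counts a manager regardless of whether its managedFields operation is Apply or Update, which is the conservative reading of the advisory.

```python
import json
import sys

# Manager name Argo CD uses for Server-Side Apply, as named in the advisory.
ARGOCD_MANAGER = "argocd-controller"
COMPARE_OPTIONS_ANNOTATION = "argocd.argoproj.io/compare-options"


def data_field_managers(secret):
    """Return the set of managedFields managers owning keys under .data or .stringData."""
    owners = set()
    for entry in secret.get("metadata", {}).get("managedFields") or []:
        fields = entry.get("fieldsV1") or {}
        if "f:data" in fields or "f:stringData" in fields:
            owners.add(entry.get("manager", "<unknown>"))
    return owners


def secrets_with_external_managers(secrets):
    """List (namespace/name, [managers]) for Secrets whose data is owned by anyone but Argo CD."""
    findings = []
    for secret in secrets:
        others = data_field_managers(secret) - {ARGOCD_MANAGER}
        if others:
            md = secret["metadata"]
            findings.append((f'{md.get("namespace", "")}/{md["name"]}', sorted(others)))
    return findings


def includes_mutation_webhook(app):
    """True if the Application's compare-options annotation enables IncludeMutationWebhook."""
    annotations = app.get("metadata", {}).get("annotations") or {}
    raw = annotations.get(COMPARE_OPTIONS_ANNOTATION, "")
    # The annotation is a comma-separated option list, e.g. "ServerSideDiff=true,IncludeMutationWebhook=true".
    options = {opt.strip().lower() for opt in raw.split(",") if opt.strip()}
    return "includemutationwebhook=true" in options


def apps_with_webhook_mutation(apps):
    return [f'{a["metadata"].get("namespace", "")}/{a["metadata"]["name"]}'
            for a in apps if includes_mutation_webhook(a)]


def _managed(manager, operation, *data_keys):
    """Build one managedFields entry in the shape kubectl prints (helper for the samples)."""
    fields = {"f:metadata": {"f:labels": {}}}
    if data_keys:
        fields["f:data"] = {".": {}, **{f"f:{k}": {} for k in data_keys}}
    return {"manager": manager, "operation": operation, "apiVersion": "v1",
            "fieldsType": "FieldsV1", "fieldsV1": fields}


# Constructed samples, not real cluster exports.
SAMPLE_SECRETS = [
    {"kind": "Secret", "metadata": {"name": "app-tls", "namespace": "web",
        "managedFields": [_managed(ARGOCD_MANAGER, "Apply", "tls.crt", "tls.key")]}},
    {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": "payments",
        "managedFields": [_managed(ARGOCD_MANAGER, "Apply", "password"),
                          _managed("helm", "Update", "password")]}},
    {"kind": "Secret", "metadata": {"name": "acr-pull", "namespace": "web",
        "managedFields": [_managed("external-secrets", "Apply", ".dockerconfigjson"),
                          _managed(ARGOCD_MANAGER, "Apply")]}},
]
SAMPLE_APPS = [
    {"kind": "Application", "metadata": {"name": "web", "namespace": "argocd"}},
    {"kind": "Application", "metadata": {"name": "payments", "namespace": "argocd",
        "annotations": {COMPARE_OPTIONS_ANNOTATION: "ServerSideDiff=true,IncludeMutationWebhook=true"}}},
]


def load_items(path):
    """Load a kubectl JSON list (or a bare JSON array) from disk."""
    with open(path) as fh:
        doc = json.load(fh)
    return doc.get("items", []) if isinstance(doc, dict) else doc


if __name__ == "__main__":
    # Usage: python audit.py secrets.json apps.json; with no arguments the samples are used.
    secrets = load_items(sys.argv[1]) if len(sys.argv) > 2 else SAMPLE_SECRETS
    apps = load_items(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_APPS
    for name, managers in secrets_with_external_managers(secrets):
        print(f"SECRET  {name}: data also owned by {', '.join(managers)}")
    for name in apps_with_webhook_mutation(apps):
        print(f"APP     {name}: IncludeMutationWebhook=true set")
```

Run against real exports, the first list is the set of Secrets for which the "sole field manager" defence does not hold on an unpatched instance; an empty list is evidence, not proof, since ownership changes the next time any tool writes to the Secret.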

Default Argo CD RBAC includes a role:catch-all policy that grants every authenticated user get access on Applications. Any user who can log in — including CI service accounts — can invoke ServerSideDiff without elevated permissions.

Why It Matters Operationally

AKS operators are directly in scope. Microsoft launched the Argo CD cluster extension for AKS and Arc-enabled Kubernetes in public preview earlier this year, shipping Argo CD v3.x and integrating with Entra ID via OIDC SSO. That SSO path is recommended practice — and it means every developer who can authenticate to Entra may hold Argo CD read access by default. The secrets reachable via this endpoint in a typical AKS environment include: ACR pull secrets, database connection strings, TLS private keys, and externally-injected values from Azure Key Vault via the Secrets Store CSI driver.

The multi-field-manager condition is not rare. Helm sets its own SSA field manager (helm) on resources it manages; so do most operators and controllers. Most AKS GitOps setups that use Helm-packaged workloads will produce Secrets with multiple managers without any operator action. Teams need to audit their RBAC population, not just their annotation usage.

If your Argo CD instance is reachable from the internet — as is common in multi-tenant developer self-service setups fronted by an ingress — and Entra guest users or external contractors have SSO access, the threat is concrete and the bar to exploit is low.

To check the installed version on an AKS cluster running the managed extension:

az k8s-extension show \
  --cluster-type managedClusters \
  --cluster-name <cluster-name> \
  --resource-group <resource-group> \
  --name argocd \
  --query "version" -o tsv

Update via:

az k8s-extension update \
  --cluster-type managedClusters \
  --cluster-name <cluster-name> \
  --resource-group <resource-group> \
  --name argocd

For self-managed deployments, upgrade the Helm chart or image tag to v3.2.11 or v3.3.9 before the end of your next maintenance window.
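The version string the az command above prints (or the image tag of a self-managed install) can be checked against the advisory's ranges without reading them by hand. The triage helper below is an added example for this post, not part of Argo CD or the AKS extension; the affected and fixed versions are taken from the advisory summary at the top of the article, and the script accepts the raw tsv output, with or without a leading "v" and with a trailing newline.

```python
import re

# Affected and fixed versions as given in the advisory summary above.
AFFECTED_RANGES = (((3, 2, 0), (3, 2, 10)), ((3, 3, 0), (3, 3, 8)))
FIXED_VERSION = {(3, 2): (3, 2, 11), (3, 3): (3, 3, 9)}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse 'v3.2.4', '3.2.4' or '3.2.4-rc1\\n' into a (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def _fmt(version):
    return ".".join(str(part) for part in version)


def is_affected(text):
    """True if the version falls inside one of the advisory's affected ranges."""
    version = parse_version(text)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(text):
    """Return a one-line verdict for the version string az or kubectl printed."""
    version = parse_version(text)
    if is_affected(text):
        fixed = FIXED_VERSION[version[:2]]
        return f"AFFECTED: {_fmt(version)} -> upgrade to v{_fmt(fixed)}"
    if version[:2] in FIXED_VERSION:
        return f"PATCHED: {_fmt(version)} is at or past the fixed release"
    # Minor lines the advisory does not name are neither cleared nor flagged here.
    return f"NOT LISTED: {_fmt(version)} is outside the ranges named in the advisory"


if __name__ == "__main__":
    import sys
    # Usage: az k8s-extension show ... --query "version" -o tsv | python triage.py
    #    or: python triage.py 3.2.7
    raw = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.read()
    print(triage(raw))
```

The "NOT LISTED" verdict is deliberate: a 3.1.x or 3.4.x result means the advisory says nothing about that line, which is a prompt to check the upstream advisory rather than a clean bill of health.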

Tradeoffs and Caveats

Patching is the only remediation. Disabling ServerSideDiff is not a supported configuration option — the feature is embedded in the API server and there is no feature gate to toggle it off.

Exploitability is not universal by default. If argocd-controller is the sole SSA field manager for all Secret data fields and the IncludeMutationWebhook annotation is absent, secrets are garbage-collected by the dry-run and do not appear in the endpoint response. But "sole field manager" is a narrow condition that breaks the moment any external tool touches the same Secret. Helm, cert-manager, ESO, and Kyverno-generated Secrets all qualify. Teams should treat this as exploitable unless they can positively confirm the field-manager condition for every Secret in scope — which is impractical at scale.

The CVSS score (9.6) reflects network-accessible, low-privilege, no-user-interaction exploitation with high confidentiality and integrity impact. That scoring is honest: the prerequisites are minimal and the impact (plaintext credential extraction) is high. The scope-changed (S:C) modifier applies because the compromise extends beyond the Argo CD component to the Kubernetes control plane and any downstream systems whose credentials are exposed.

One honest "this is good": both patch versions dropped within a week of the advisory. The Argo CD project's response time here is faster than historical precedent for projects of this size.

The patched versions are available now; version pinning and upgrade cadence are the only variables left.