All 5 published CVE advisories affecting Akuity (every one of them in Kargo), with CVSS score, CWE class, publication date and references for each.
Akuity develops Kargo, a Kubernetes-native continuous promotion tool that works alongside GitOps controllers such as Argo CD. All five CVEs recorded here affect Kargo and were published between January and May 2026. Three are access-control failures in the API (CWE-862/CWE-863): the `GetConfig()` and `RefreshResource()` endpoints reachable without authentication, missing authorization checks on the approval and promotion REST endpoints, and an authorization bypass in the batch resource-creation endpoints. The other two are input-handling flaws: a server-side request forgery in the promotion `http`/`http-download` steps, the highest-scored issue at CVSS 9.1, which lets a promotion step reach internal network services and exfiltrate data, and an open redirect in the UI's OIDC login flow via the `redirectTo` query parameter. None of the advisories describes remote code execution, cross-site scripting or a container escape, and no public incident involving these issues is cited. The pattern that matters for defenders is that most of the findings sit in the control-plane API's authorization layer: a deployment that exposes the Kargo API or UI beyond trusted operators should treat those endpoints as its primary attack surface and check the installed version against each advisory's affected-products data.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42350 | Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter | kargo | CWE-601 | 6.1* | Medium* | 2026-05-08 |
| CVE-2026-32828 | Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration | kargo | CWE-918 | 9.1 | Critical† | 2026-03-20 |
| CVE-2026-27112 | Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints | kargo | CWE-863 | 8.2* | High* | 2026-02-20 |
| CVE-2026-27111 | Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints | kargo | CWE-862 | 8.1* | High* | 2026-02-20 |
| CVE-2026-24748 | Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access | kargo | CWE-863 | 5.3* | Medium* | 2026-01-27 |

\* Score and severity are AI-estimated by the listing site, not assigned by the vendor or NVD. † The record gives no severity; Critical is the CVSS qualitative rating for a 9.1 score.
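As an added illustration of the two input-handling classes in the table (a CWE-601 open redirect on a login `redirectTo` parameter, and a CWE-918 SSRF in a step that fetches a user-supplied URL), the Go code below shows the checks a hardened implementation applies before redirecting or connecting. It is not Kargo's code and does not describe how the listed issues were fixed; the function names, the injected resolver and the `.example` hostnames and TEST-NET addresses are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// safeRedirectTarget is the check an OIDC callback handler should apply to a
// user-controlled redirectTo value (the CWE-601 class in the table). Only a
// same-origin path is accepted. Hypothetical helper, not Kargo's code.
func safeRedirectTarget(raw string) (string, error) {
	if raw == "" {
		return "/", nil // constructed default landing page
	}
	// Browsers normalise "\" to "/" ("/\evil" becomes "//evil"); CR/LF would
	// allow header injection when the value is echoed into Location.
	if strings.ContainsAny(raw, "\\\r\n") {
		return "", errors.New("redirect target contains forbidden characters")
	}
	// "//host" and "///host" leave the origin (WHATWG parsers treat both as a
	// host). Check the raw string: net/url parses "///evil" as a plain path.
	if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") {
		return "", errors.New("redirect target must be a single-slash relative path")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", errors.New("redirect target must not carry a scheme or authority")
	}
	return u.String(), nil
}

// checkEgressTarget is the destination check a step that fetches a
// user-supplied URL (the CWE-918 class in the table) should apply before
// connecting. lookup is injected so the example runs offline; in production it
// is the real resolver, and the fetch must connect to the vetted addresses
// rather than re-resolve, or DNS rebinding defeats the check. Each redirect
// hop needs the same check (http.Client.CheckRedirect).
func checkEgressTarget(raw string, lookup func(host string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("URL has no host")
	}
	lower := strings.ToLower(host)
	if lower == "localhost" || strings.HasSuffix(lower, ".localhost") {
		return errors.New("loopback host name not allowed")
	}
	ips, err := lookup(host)
	if err != nil {
		return err
	}
	if len(ips) == 0 {
		return fmt.Errorf("%s resolved to no addresses", host)
	}
	// Every answer must be public: one public plus one internal address is rejected.
	for _, ip := range ips {
		if isInternalIP(ip) {
			return fmt.Errorf("%s resolves to non-public address %s", host, ip)
		}
	}
	return nil
}

// isInternalIP covers loopback, RFC 1918/4193 private space, link-local
// (including the 169.254.169.254 cloud metadata endpoint), unspecified and multicast.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() ||
		ip.IsUnspecified() || ip.IsMulticast()
}

// stubLookup is a constructed resolver: IP literals resolve to themselves,
// three made-up names have fixed answers, everything else fails.
func stubLookup(host string) ([]net.IP, error) {
	if ip := net.ParseIP(host); ip != nil {
		return []net.IP{ip}, nil
	}
	table := map[string][]net.IP{
		"artifacts.example":         {net.ParseIP("203.0.113.10")}, // TEST-NET-3 stands in for a public host
		"metadata.internal.example": {net.ParseIP("169.254.169.254")},
		"rebind.example":            {net.ParseIP("203.0.113.10"), net.ParseIP("10.0.0.5")},
	}
	if ips, ok := table[host]; ok {
		return ips, nil
	}
	return nil, fmt.Errorf("no such host: %s (constructed stub)", host)
}

func main() {
	for _, r := range []string{"/stage/dev?tab=1", "//evil.example", "https://evil.example/"} {
		got, err := safeRedirectTarget(r)
		fmt.Printf("redirectTo %-24q -> %q, %v\n", r, got, err)
	}
	for _, u := range []string{"https://artifacts.example/release.tgz", "http://169.254.169.254/latest/meta-data/", "http://rebind.example/"} {
		fmt.Printf("fetch %-42q -> %v\n", u, checkEgressTarget(u, stubLookup))
	}
}
```

The redirect check works on the raw string before parsing because `net/url` and browsers disagree on inputs such as `///evil.example`; the egress check rejects a name as soon as any of its addresses is internal, since an attacker-controlled zone can return a public and a private address for the same name.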