PT-2026-33180 · Unknown · Argocd Image Updater

Published: 2026-04-15 · Updated: 2026-04-16 · CVE-2026-6388

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions: ArgoCD Image Updater (affected versions not specified)

Description: An issue in multi-tenant environments allows an attacker with permissions to create or modify an ImageUpdater resource to bypass namespace boundaries. Due to insufficient validation, an attacker can trigger unauthorized image updates on applications managed by other tenants, leading to cross-namespace privilege escalation and impacting application integrity.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Enforce strict AppProject isolation. Restrict access to ImageUpdater resources.

LPE

Related Identifiers

CVE-2026-6388

Affected Products

Argocd Image Updater