LeakyCreds

CVE-2026-6388 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: April 17, 2026

ArgoCD Image Updater - Broken Access Control

Published: April 15, 2026 | Updated: April 17, 2026 | Remote Exploitable

Overview

ArgoCD Image Updater contains a broken access control vulnerability caused by insufficient validation of ImageUpdater resource permissions in multi-tenant environments. It lets attackers bypass namespace boundaries and trigger unauthorized image updates. Exploitation requires permissions to create or modify ImageUpdater resources.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 2.8% (Probability of exploitation in next 30 days)

Impact

Attackers can escalate privileges across namespaces, causing unauthorized application updates and compromising application integrity.

Mitigation

Update to the latest version with proper validation of ImageUpdater resource permissions.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Apr 16, 2026

CVE-2026-6388 - Critical (9.1) A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, th... https://www.thehackerwire.com/vulnerability/CVE-2026-6388/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-6388
Severity: Critical
CVSS Score: 9.1
Type: broken_access_control
Status: unconfirmed
EPSS: 2.8%
Social Posts: 1

CWE

  • CWE-1220

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

EPSS Score

2.8% (Probability of exploitation in the next 30 days)