Cyber Resilience

CVE-2026-43824

Severity: High (Updated)
Published: 02 May 2026
Modified: 30 June 2026
KEV Added: not listed
CVSS Score (v3.1): 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0022 (13.1st percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-43824 is a high-severity Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212) vulnerability attributed to Red Hat (vendor inferred from references). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). EPSS ranks this CVE at the 13.1st percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-43824 is a vulnerability in Argo CD versions 3.2.0 through 3.2.10 and 3.3.0 through 3.3.8, where the ServerSideDiff feature enables reading cleartext Kubernetes Secret data. Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The issue is classified under CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer) with a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), indicating high confidentiality impact across a changed scope.

An attacker with low-privilege access to Argo CD, such as a repository viewer or similar role, can exploit this over the network with low complexity and no user interaction required. By triggering the ServerSideDiff functionality, they can retrieve sensitive Kubernetes Secret data in plaintext, potentially exposing credentials, tokens, or other confidential information managed within the cluster.

The official advisory at https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3 recommends upgrading to Argo CD 3.2.11 or later for the 3.2.x series, or 3.3.9 or later for the 3.3.x series, as these versions address the ServerSideDiff exposure. No workarounds are detailed in the provided information.

Vulnerability details

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.

CWE(s)

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

Related Threats

MITRE ATT&CK Enterprise Techniques

T1552 Unsecured Credentials (tactic: Credential Access)
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability allows low-privileged attackers to trigger ServerSideDiff in Argo CD and retrieve cleartext Kubernetes Secret data containing credentials/tokens, directly facilitating Unsecured Credentials collection.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42880 (shared CWE-212)
CVE-2024-43384 (shared CWE-212)
CVE-2026-27640 (shared CWE-212)
CVE-2024-8474 (shared CWE-212)
CVE-2026-32891 (shared CWE-212)
CVE-2026-34214 (shared CWE-212)

Affected Assets

Red Hat (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2, Flaw Remediation): Requires timely remediation of flaws like CVE-2026-43824 through patching Argo CD to eliminate ServerSideDiff exposure of cleartext Kubernetes secrets.

Prevent (SI-15, Information Output Filtering): Implements output filtering to remove sensitive information such as plaintext Kubernetes secrets from Argo CD diff responses before delivery to users.

Detect: Monitors for information disclosure events, enabling detection of unauthorized access to cleartext secrets via exploitation of the ServerSideDiff feature.
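The SI-15 control above calls for stripping secret values out of a diff response before it reaches the user. The Go program below is an added example written for this page to show what such a server-side filter looks like; it is not Argo CD's code and makes no claim about how Argo CD itself implements redaction. It assumes the manifest arrives as Kubernetes JSON (a single object or a `kind: List`), uses an invented marker string, and the sample Secret and its values are constructed for the demonstration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// RedactionMarker replaces every Secret value before the manifest leaves the
// server. The marker text is an assumption for this example, not Argo CD's own.
const RedactionMarker = "<redacted>"

// redactSecretFields walks a decoded Kubernetes object. For kind "Secret" it
// replaces every value under data and stringData while keeping the keys, so a
// diff can still show which entries changed without revealing their contents.
// For kind "List" it recurses into items. Other kinds are returned unchanged.
func redactSecretFields(obj map[string]interface{}) map[string]interface{} {
	kind, _ := obj["kind"].(string)
	switch kind {
	case "Secret":
		for _, field := range []string{"data", "stringData"} {
			values, ok := obj[field].(map[string]interface{})
			if !ok {
				continue
			}
			for k := range values {
				values[k] = RedactionMarker
			}
		}
	case "List":
		items, ok := obj["items"].([]interface{})
		if !ok {
			return obj
		}
		for i, it := range items {
			if m, ok := it.(map[string]interface{}); ok {
				items[i] = redactSecretFields(m)
			}
		}
	}
	return obj
}

// RedactManifest is the output filter: parse the JSON manifest, redact, and
// re-encode. It fails closed: a manifest that does not parse is not returned,
// because an unparsed blob could carry secret material straight through.
func RedactManifest(raw []byte) ([]byte, error) {
	var obj map[string]interface{}
	if err := json.Unmarshal(raw, &obj); err != nil {
		return nil, fmt.Errorf("refusing to return unparseable manifest: %w", err)
	}
	return json.Marshal(redactSecretFields(obj))
}

// sampleSecret is a constructed manifest; the values are placeholders, not real credentials.
const sampleSecret = `{"apiVersion":"v1","kind":"Secret",` +
	`"metadata":{"name":"db-creds","namespace":"demo"},"type":"Opaque",` +
	`"data":{"password":"cDRzc3cwcmQ="},"stringData":{"token":"example-token"}}`

func main() {
	out, err := RedactManifest([]byte(sampleSecret))
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
```

Redacting values but preserving keys is the design choice that keeps the diff useful to operators while removing the confidentiality impact the CVSS vector describes; the fail-closed parse error avoids returning content the filter could not inspect.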