Package impact
Go / github.com/akuity/kargo
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32828 | medium | 4.9 | 4.9 | 2mo ago | Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo | |||
| CVE-2026-27112 | unknown | — | — | 3mo ago | Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints in github.com/akuity/kargo | |||
| CVE-2026-27111 | unknown | — | — | 3mo ago | Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints in github.com/akuity/kargo | |||
| CVE-2026-24748 | unknown | — | — | 4mo ago | Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access in github.com/akuity/kargo |