CVE-2026-27112
Published: 20 February 2026
Description
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in the logic of both endpoints to inject arbitrary resources (of specific types only) into the underlying namespace of an existing Project using the API server's own permissions when that behavior was not intended. Critically, an attacker may exploit this as a vector for elevating their own permissions, which can then be leveraged to achieve remote code execution or secret exfiltration. Exfiltrated artifact repository credentials can be leveraged, in turn, to execute further attacks. In some configurations of the Kargo control plane's underlying Kubernetes cluster, elevated permissions may additionally be leveraged to achieve remote code execution or secret exfiltration using kubectl. This can reduce the complexity of the attack, however, worst case scenarios remain entirely achievable even without this. This vulnerability is fixed in v1.7.8, v1.8.11, and v1.9.3.
Mitigating Controls (NIST 800-53 r5) (AI-generated)
Enforces approved authorizations for API endpoint access, preventing unauthorized injection of arbitrary resources into Project namespaces using the API server's permissions.
Validates multi-document YAML payloads submitted to batch resource creation endpoints, blocking specially crafted inputs that exploit the logic bug.
Restricts privileges to the minimum necessary, limiting the impact of privilege escalation achieved through injected resources.
Security Summary (AI-generated)
CVE-2026-27112 is a critical authorization vulnerability (CWE-863) in Kargo, an open-source tool for managing and automating the promotion of software artifacts in Kubernetes environments. It affects versions from 1.7.0 up to but not including v1.7.8, v1.8.11, and v1.9.3. The issue resides in the batch resource creation endpoints of Kargo's legacy gRPC API and newer REST API, which accept multi-document YAML payloads. Specially crafted payloads exploit a bug in the endpoint logic, allowing injection of arbitrary resources (of specific types only) into the underlying namespace of an existing Project, leveraging the API server's own permissions in ways not intended.
Attackers require low privileges (PR:L) and network access (AV:N) to exploit this over the internet with no user interaction (UI:N), achieving a CVSS v3.1 base score of 9.9. A low-privileged user can use crafted payloads to elevate their permissions within the Project's namespace. This elevation enables remote code execution (RCE) or secret exfiltration, including artifact repository credentials that can facilitate further supply chain attacks. In certain configurations of the underlying Kubernetes cluster running the Kargo control plane, elevated permissions may also allow RCE or secret exfiltration via kubectl, though the worst-case impacts remain achievable without this.
The vulnerability is addressed in Kargo releases v1.7.8, v1.8.11, and v1.9.3. Official mitigation details are available in the GitHub security advisory (GHSA-7g9x-cp9g-92mr) and the fixing commit (155c6852ffbffa2902f18e6c7add91a846e8d344), which practitioners should review for patch deployment and verification steps.
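The controls and summary above come down to one design point: a batch endpoint must authorize each document in a multi-document payload as the requester, restrict it to the kinds the endpoint exists to create, pin it to the Project's namespace, and never apply a batch partially. The following is an added illustrative example of that pattern, not Kargo's code and not the fixing commit; the allowlisted kinds, the authorizer interface, the RBAC table and the sample documents are all constructed assumptions. Documents are taken as already-decoded mappings (what a YAML multi-document loader such as yaml.safe_load_all yields), so parsing is out of scope.

```python
"""Per-document authorization for a batch resource-creation endpoint.

Added illustrative example, not Kargo's code. Every document in a
multi-document payload is checked against the *requester's* permissions
rather than the API server's own identity, restricted to an allowlisted set
of kinds, pinned to the Project's namespace, and the batch is all-or-nothing.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Iterable, Optional

# Kinds this hypothetical endpoint may create on a caller's behalf (assumed allowlist).
ALLOWED_KINDS = frozenset({"Warehouse", "Stage"})

# Authorizer signature: (user, verb, kind, namespace) -> allowed?
Authorizer = Callable[[str, str, str, str], bool]


@dataclass
class BatchDecision:
    accepted: list = field(default_factory=list)
    rejections: list = field(default_factory=list)  # (document index, reason)

    @property
    def ok(self) -> bool:
        return not self.rejections


def _check_document(doc: Any, project_namespace: str, user: str,
                    can_do: Authorizer) -> Optional[str]:
    """Return a rejection reason, or None if the document is acceptable."""
    if not isinstance(doc, dict):
        return "document is not a mapping"
    kind = doc.get("kind")
    if kind not in ALLOWED_KINDS:
        return f"kind {kind!r} is not permitted on this endpoint"
    metadata = doc.get("metadata") or {}
    namespace = metadata.get("namespace")
    if namespace != project_namespace:
        return f"namespace {namespace!r} does not match Project namespace {project_namespace!r}"
    if not metadata.get("name"):
        return "metadata.name is required"
    # Authorize as the requester, never as the API server's own service account.
    if not can_do(user, "create", kind, namespace):
        return f"user {user!r} may not create {kind} in {namespace!r}"
    return None


def validate_batch(documents: Iterable[Optional[dict]], project_namespace: str,
                   user: str, can_do: Authorizer) -> BatchDecision:
    """Validate decoded YAML documents; reject the whole batch on any failure."""
    decision = BatchDecision()
    for index, doc in enumerate(documents):
        if doc is None:                      # blank document between '---' separators
            continue
        reason = _check_document(doc, project_namespace, user, can_do)
        if reason:
            decision.rejections.append((index, reason))
        else:
            decision.accepted.append(doc)
    if decision.rejections:                  # all-or-nothing: never partially apply
        decision.accepted = []
    return decision


# --- constructed sample RBAC table and documents (not real Kargo data) ---
SAMPLE_RBAC = {
    ("alice", "create", "Stage", "proj-a"),
    ("alice", "create", "Warehouse", "proj-a"),
}


def sample_authorizer(user: str, verb: str, kind: str, namespace: str) -> bool:
    return (user, verb, kind, namespace) in SAMPLE_RBAC


LEGITIMATE_BATCH = [
    {"apiVersion": "example.io/v1", "kind": "Warehouse",
     "metadata": {"name": "wh", "namespace": "proj-a"}},
    None,
    {"apiVersion": "example.io/v1", "kind": "Stage",
     "metadata": {"name": "test", "namespace": "proj-a"}},
]

# A batch that carries an out-of-allowlist kind alongside a legitimate document.
SMUGGLED_BATCH = LEGITIMATE_BATCH[:1] + [
    {"apiVersion": "example.io/v1", "kind": "RoleBinding",
     "metadata": {"name": "escalate", "namespace": "proj-a"}},
]

if __name__ == "__main__":
    for label, batch in (("legitimate", LEGITIMATE_BATCH), ("smuggled", SMUGGLED_BATCH)):
        d = validate_batch(batch, "proj-a", "alice", sample_authorizer)
        print(label, "ok" if d.ok else d.rejections)
```

The all-or-nothing rule is the part most easily lost in a batch handler that loops and applies as it goes: a single crafted document must fail the whole request, and the authorization call must carry the requester's identity rather than whatever credentials the server process holds.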
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
The CVE allows exploitation of the public-facing Kargo API (T1190) for privilege escalation via resource injection (T1068), enabling secret exfiltration (T1552).