CVE-2026-27112
- EPSS 0.21%
- Veröffentlicht 20.02.2026 21:22:56
- Zuletzt bearbeitet 25.02.2026 18:03:32
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially...
- EPSS 0.03%
- Veröffentlicht 20.02.2026 21:17:07
- Zuletzt bearbeitet 25.02.2026 18:01:51
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion p...
CVE-2026-24748
- EPSS 0.13%
- Veröffentlicht 27.01.2026 21:23:53
- Zuletzt bearbeitet 25.02.2026 17:59:22
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the `GetConfig()` API endpoint. This allowed unauthenticated users to access this endpoint by sp...