{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-32828",
        "tracking": {
            "current_release_date": "2026-03-30T15:25:37.970038Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-32828",
            "initial_release_date": "2026-03-20T18:23:39.368378Z",
            "revision_history": [
                {
                    "date": "2026-03-20T18:23:39.368378Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (4).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T18:23:42.610655Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-20T18:24:18.832745Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T18:24:20.681108Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T19:55:56.546513Z",
                    "number": "5",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T19:55:59.574001Z",
                    "number": "6",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T21:41:57.557215Z",
                    "number": "7",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-20T21:59:33.697417Z",
                    "number": "8",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-20T21:59:38.068121Z",
                    "number": "9",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-21T13:46:48.620348Z",
                    "number": "10",
                    "summary": "References removed (2)."
                },
                {
                    "date": "2026-03-22T00:52:12.165450Z",
                    "number": "11",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-22T11:25:13.074640Z",
                    "number": "12",
                    "summary": "References removed (2)."
                },
                {
                    "date": "2026-03-23T00:54:22.053225Z",
                    "number": "13",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-25T15:39:19.579655Z",
                    "number": "14",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-25T15:39:22.504419Z",
                    "number": "15",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-27T00:13:03.014245Z",
                    "number": "16",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (4).| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-03-27T00:13:05.416382Z",
                    "number": "17",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-27T00:14:07.681936Z",
                    "number": "18",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| References created (3)."
                },
                {
                    "date": "2026-03-30T15:25:35.305761Z",
                    "number": "19",
                    "summary": "CVSS created.| Products connected (1).| Product Identifiers created (4).| Products created (3)."
                },
                {
                    "date": "2026-03-30T15:25:37.038313Z",
                    "number": "20",
                    "summary": "NCSC Score updated."
                }
            ],
            "status": "interim",
            "version": "20"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=1.4.0|<1.6.4",
                                "product": {
                                    "name": "vers:unknown/>=1.4.0|<1.6.4",
                                    "product_id": "CSAFPID-5874281",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:akuity:kargo:*:*:*:*:*:kubernetes:*:*"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=1.7.0-rc.1|<1.7.9",
                                "product": {
                                    "name": "vers:unknown/>=1.7.0-rc.1|<1.7.9",
                                    "product_id": "CSAFPID-5874282"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=1.7.0|<1.7.9",
                                "product": {
                                    "name": "vers:unknown/>=1.7.0|<1.7.9",
                                    "product_id": "CSAFPID-5965378",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:akuity:kargo:*:*:*:*:*:kubernetes:*:*"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=1.8.0-rc.1|<1.8.12",
                                "product": {
                                    "name": "vers:unknown/>=1.8.0-rc.1|<1.8.12",
                                    "product_id": "CSAFPID-5874283"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=1.8.0|<1.8.12",
                                "product": {
                                    "name": "vers:unknown/>=1.8.0|<1.8.12",
                                    "product_id": "CSAFPID-5965379",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:akuity:kargo:*:*:*:*:*:kubernetes:*:*"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=1.9.0-rc.1|<1.9.5",
                                "product": {
                                    "name": "vers:unknown/>=1.9.0-rc.1|<1.9.5",
                                    "product_id": "CSAFPID-5874284"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=1.9.0|<1.9.5",
                                "product": {
                                    "name": "vers:unknown/>=1.9.0|<1.9.5",
                                    "product_id": "CSAFPID-5965380",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:akuity:kargo:*:*:*:*:*:kubernetes:*:*"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "kargo"
                    }
                ],
                "category": "vendor",
                "name": "akuity"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-32828",
            "cwe": {
                "id": "CWE-918",
                "name": "Server-Side Request Forgery (SSRF)"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most critically the cloud instance metadata endpoint (169.254.169.254), enabling exfiltration of sensitive data such as IAM credentials. These steps provide full control over request headers and methods, rendering cloud provider header-based SSRF mitigations ineffective. An authenticated attacker with permissions to create/update Stages or craft Promotion resources can exploit this by submitting a malicious Promotion manifest, with response data retrievable via Promotion status fields, Git repositories, or a second http step. This issue has been fixed in versions 1.6.4, 1.7.9, 1.8.12 and 1.9.5.",
                    "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/32xxx/CVE-2026-32828.json"
                },
                {
                    "category": "description",
                    "text": "Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most critically the cloud instance metadata endpoint (169.254.169.254), enabling exfiltration of sensitive data such as IAM credentials. These steps provide full control over request headers and methods, rendering cloud provider header-based SSRF mitigations ineffective. An authenticated attacker with permissions to create/update Stages or craft Promotion resources can exploit this by submitting a malicious Promotion manifest, with response data retrievable via Promotion status fields, Git repositories, or a second http step. This issue has been fixed in versions 1.6.4, 1.7.9, 1.8.12 and 1.9.5.",
                    "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-32828"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nKargo's built-in `http` and `http-download` promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits requests to link-local addresses, for which there are no known, legitimate use cases. Of particular concern is the cloud instance metadata endpoint (often `169.254.169.254`), which is unauthenticated and can expose sensitive configuration data including IAM credentials. While cloud providers typically implement header-based SSRF mitigations for these endpoints, the `http` step provides full control over request method and headers, rendering these protections ineffective. The `http-download` step provides control over headers only (not method), but this is still sufficient for exfiltrating data from metadata endpoints.\n\nThere are two vectors for exploitation. A user with permission to create or update a Stage can configure its promotion template to include malicious `http` or `http-download` steps. Alternatively, a user with `promote` permission on any Stage can craft a Promotion resource directly. In either case, the controller executes the steps in-cluster, and response data can be inserted into Promotion status fields, written to a Git repository, or sent to a remote location using a second instance of the `http` step.\n\nThe remediation for this issue is the introduction of a safe HTTP transport that refuses to dial link-local addresses. Requests to private and internal addresses will continue to be permitted, as this is by design. It is the responsibility of services at such addresses to implement proper authentication and authorization, and/or the responsibility of platform teams to define and enforce network policies that restrict traffic appropriately.\n\n### Base Metrics\n ---\nThe following sections provide the rationale for the values selected for each of CVSS v4's base metrics.\n\n### Attack Vector (AV): Network\nThe Kargo API server is accessible over HTTP/HTTPS. No local, adjacent network, or physical access is required.\n\n### Attack Complexity (AC): Low\nExploitation requires only a crafted Promotion manifest submitted via the Kargo API. No race conditions, non-default configurations, or prior information gathering is required.\n\n### Attack Requirements (AT): None\nNo specific environmental conditions are required beyond a standard Kargo deployment. The http and http-download built-in steps are always available.\n\n### Privileges Required (PR): High\nThe attacker must be authenticated to the Kargo API server and hold permissions sufficient to create or update a Stage, or to craft a Promotion resource directly. Although these may not be considered administrative permissions, they are non-trivial, not granted broadly by default, and must be explicitly assigned by a project administrator.\n\n### User Interaction (UI): None\nThe attack is fully automated via API calls. No other user needs to take any action. The controller processes the malicious Promotion without human intervention.\n\n### Confidentiality Impact to Vulnerable System (VC): None\nKargo itself does not expose its own secrets or configuration data through this vulnerability. The impact is to other systems reachable from the controller's network position, not to Kargo's own data.\n\n### Integrity Impact to Vulnerable System (VI): None\nKargo's own data and configuration are not modified by this vulnerability. While malicious Promotion resources are created, they function within Kargo's normal processing pipeline.\n\n### Availability Impact to Vulnerable System (VA): None\nThis vulnerability does not enable denial of service against Kargo. Each Promotion executes a bounded set of HTTP requests and does not consume disproportionate resources.\n\n### Confidentiality Impact to Subsequent Systems (SC): Low\nThe controller runs in-cluster and can reach link-local addresses, including cloud instance metadata endpoints. These endpoints are unauthenticated and can expose sensitive data such as IAM credentials. Provider-side header-based SSRF mitigations are ineffective because these steps provide full control over request headers.\n\n### Integrity Impact to Subsequent Systems (SI): None\nCloud instance metadata endpoints are read-only. While the http step supports arbitrary HTTP methods, the only unintended access enabled by this vulnerability is to link-local addresses, and these do not accept state-changing requests.\n\n### Availability Impact to Subsequent Systems (SA): None\nA single HTTP request per promotion step does not constitute a meaningful denial-of-service vector against subsequent systems. There is no amplification mechanism.\n\n## Mitigating Factors\n\n- Exploitation requires authentication to the Kargo API server with permissions to create or update Stages, or to craft Promotion resources directly. These permissions must be explicitly granted by a project administrator.\n\n- All Promotion creation is audited. The creating user's identity is recorded in annotations and Kubernetes events, providing a clear forensic trail.\n\n- The practical impact is limited to cloud instance metadata endpoints. Access to private and internal addresses is by design, and services at those addresses are expected to implement their own authentication and authorization.",
                    "title": "github - https://api.github.com/advisories/GHSA-j94x-8wcp-x7hm"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nKargo's built-in `http` and `http-download` promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits requests to link-local addresses, for which there are no known, legitimate use cases. Of particular concern is the cloud instance metadata endpoint (often `169.254.169.254`), which is unauthenticated and can expose sensitive configuration data including IAM credentials. While cloud providers typically implement header-based SSRF mitigations for these endpoints, the `http` step provides full control over request method and headers, rendering these protections ineffective. The `http-download` step provides control over headers only (not method), but this is still sufficient for exfiltrating data from metadata endpoints.\n\nThere are two vectors for exploitation. A user with permission to create or update a Stage can configure its promotion template to include malicious `http` or `http-download` steps. Alternatively, a user with `promote` permission on any Stage can craft a Promotion resource directly. In either case, the controller executes the steps in-cluster, and response data can be inserted into Promotion status fields, written to a Git repository, or sent to a remote location using a second instance of the `http` step.\n\nThe remediation for this issue is the introduction of a safe HTTP transport that refuses to dial link-local addresses. Requests to private and internal addresses will continue to be permitted, as this is by design. It is the responsibility of services at such addresses to implement proper authentication and authorization, and/or the responsibility of platform teams to define and enforce network policies that restrict traffic appropriately.\n\n### Base Metrics\n ---\nThe following sections provide the rationale for the values selected for each of CVSS v4's base metrics.\n\n### Attack Vector (AV): Network\nThe Kargo API server is accessible over HTTP/HTTPS. No local, adjacent network, or physical access is required.\n\n### Attack Complexity (AC): Low\nExploitation requires only a crafted Promotion manifest submitted via the Kargo API. No race conditions, non-default configurations, or prior information gathering is required.\n\n### Attack Requirements (AT): None\nNo specific environmental conditions are required beyond a standard Kargo deployment. The http and http-download built-in steps are always available.\n\n### Privileges Required (PR): High\nThe attacker must be authenticated to the Kargo API server and hold permissions sufficient to create or update a Stage, or to craft a Promotion resource directly. Although these may not be considered administrative permissions, they are non-trivial, not granted broadly by default, and must be explicitly assigned by a project administrator.\n\n### User Interaction (UI): None\nThe attack is fully automated via API calls. No other user needs to take any action. The controller processes the malicious Promotion without human intervention.\n\n### Confidentiality Impact to Vulnerable System (VC): None\nKargo itself does not expose its own secrets or configuration data through this vulnerability. The impact is to other systems reachable from the controller's network position, not to Kargo's own data.\n\n### Integrity Impact to Vulnerable System (VI): None\nKargo's own data and configuration are not modified by this vulnerability. While malicious Promotion resources are created, they function within Kargo's normal processing pipeline.\n\n### Availability Impact to Vulnerable System (VA): None\nThis vulnerability does not enable denial of service against Kargo. Each Promotion executes a bounded set of HTTP requests and does not consume disproportionate resources.\n\n### Confidentiality Impact to Subsequent Systems (SC): Low\nThe controller runs in-cluster and can reach link-local addresses, including cloud instance metadata endpoints. These endpoints are unauthenticated and can expose sensitive data such as IAM credentials. Provider-side header-based SSRF mitigations are ineffective because these steps provide full control over request headers.\n\n### Integrity Impact to Subsequent Systems (SI): None\nCloud instance metadata endpoints are read-only. While the http step supports arbitrary HTTP methods, the only unintended access enabled by this vulnerability is to link-local addresses, and these do not accept state-changing requests.\n\n### Availability Impact to Subsequent Systems (SA): None\nA single HTTP request per promotion step does not constitute a meaningful denial-of-service vector against subsequent systems. There is no amplification mechanism.\n\n## Mitigating Factors\n\n- Exploitation requires authentication to the Kargo API server with permissions to create or update Stages, or to craft Promotion resources directly. These permissions must be explicitly granted by a project administrator.\n\n- All Promotion creation is audited. The creating user's identity is recorded in annotations and Kubernetes events, providing a clear forensic trail.\n\n- The practical impact is limited to cloud instance metadata endpoints. Access to private and internal addresses is by design, and services at those addresses are expected to implement their own authentication and authorization.",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-j94x-8wcp-x7hm.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4717.json?alt=media"
                },
                {
                    "category": "other",
                    "text": "0.00029",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
                    "title": "CVSSV4"
                },
                {
                    "category": "other",
                    "text": "5.1",
                    "title": "CVSSV4 base score"
                },
                {
                    "category": "other",
                    "text": "4.3",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "The value of the most recent EPSS score",
                    "title": "NCSC Score top decreasing factors"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5874281",
                    "CSAFPID-5874282",
                    "CSAFPID-5874283",
                    "CSAFPID-5874284",
                    "CSAFPID-5965378",
                    "CSAFPID-5965379",
                    "CSAFPID-5965380"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/32xxx/CVE-2026-32828.json"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-32828"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-j94x-8wcp-x7hm"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-j94x-8wcp-x7hm.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4717.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/akuity/kargo/security/advisories/GHSA-j94x-8wcp-x7hm"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/akuity/kargo/commit/fd25620c2473ed19bec4be4d0f181287ef0f0391"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-j94x-8wcp-x7hm"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32828"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                        "baseScore": 4.9,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-5874281",
                        "CSAFPID-5874282",
                        "CSAFPID-5874283",
                        "CSAFPID-5874284",
                        "CSAFPID-5965378",
                        "CSAFPID-5965379",
                        "CSAFPID-5965380"
                    ]
                }
            ],
            "title": "CVE-2026-32828"
        }
    ]
}