Back to search
CVE-2026-42350
Published: May 8, 2026
Modified: May 12, 2026
PUBLISHED
Description
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2.
| Vendor | Product | Versions |
|---|---|---|
akuity | kargo | affected < 1.7.10affected >= 1.8.0-rc.1, < 1.8.13affected >= 1.9.0-rc.1, < 1.9.8affected >= 1.10.0-rc.1, < 1.10.2 |
Weaknesses (CWE)
References
https://github.com/akuity/kargo/security/advisories/GHSA-g7gw-m874-7rmf
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now