CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-24748

Kargo Cult Security: Bypassing Auth with a Placebo Token

Alon Barad
Alon Barad
Software Engineer

Jan 27, 2026·5 min read·48 visits

Executive Summary (TL;DR)

The authentication interceptor in Kargo assumed that any token it couldn't parse as a JWT was a valid Kubernetes bearer token. It passed these 'junk' tokens through without verification. Attackers can provide any non-empty string in the Authorization header to bypass auth, dump cluster configs, or DDoS the control plane.

A critical authentication bypass in Akuity Kargo allows unauthenticated attackers to access sensitive configuration endpoints and trigger reconciliation loops. The vulnerability stems from a fail-open authentication logic that blindly trusted unrecognized tokens.

The Hook: The Keys to the Kingdom

Kargo is the traffic controller for your Kubernetes application lifecycle. It automates the promotion of software artifacts across different stages—testing, staging, production. Because it manages this flow, it inherently holds sensitive knowledge: where your clusters are, how they are configured, and the credentials (or privileged context) needed to talk to them.

In the world of continuous delivery, components like Kargo are high-value targets. If you control the promotion logic, you control what runs in production. Usually, these tools are locked down tight with OIDC, JWTs, and rigorous identity checks.

But in CVE-2026-24748, we found that Kargo's front door wasn't locked. In fact, the bouncer at the door had a very specific, very flawed set of instructions: "If you don't recognize the ID card, assume they are a VIP and let them in."

The Flaw: Optimism is a Security Bug

The vulnerability lies in the authInterceptor.authenticate method within internal/server/option/auth.go. This middleware is responsible for looking at the Authorization header and deciding who you are.

Kargo supports multiple auth schemes: its own JWTs, OIDC tokens, and—crucially—Kubernetes bearer tokens. The logic flow was intended to be:

  1. Is it a Kargo JWT? Verify it.
  2. Is it an OIDC token? Verify it.
  3. If it's neither, it must be a Kubernetes token. Let the Kubernetes API handle it later.

The fatal flaw was in step 3. The code was designed to be "fail-open" for non-JWTs. It assumed that if a token wasn't a well-formed JWT, it was an opaque token meant for the Kubernetes API server. It essentially shrugged and said, "Not my problem, the downstream API will catch it if it's fake."

> [!WARNING] > The Logic Gap: The problem is that not all endpoints backed by this interceptor actually forwarded requests to the Kubernetes API in a way that verified the token. Endpoints like GetConfig() used an internal privileged client or local data, meaning the "junk" token was never challenged. It was accepted as valid credentials for a "Kubernetes User."

The Code: The Smoking Gun

Let's look at the vulnerable code in internal/server/option/auth.go. This is a classic example of implicit trust.

// BEFORE: Vulnerable Logic
untrustedClaims := jwt.RegisteredClaims{}
if _, _, err := a.parseUnverifiedJWTFn(rawToken, &untrustedClaims); err != nil {
    // This token isn't a JWT, so it's probably an opaque bearer token for the
    // Kubernetes API server. Just run with it.
    return user.ContextWithInfo(
        ctx,
        user.Info{
            BearerToken: rawToken,
        },
    ), nil
}

The comment literally says "Just run with it." In security auditing, this is what we call a "resume-generating comment."

The fix introduces a fail-closed mechanism. Instead of assuming the token is valid, Kargo now performs a "canary" request to the Kubernetes API to verify it.

// AFTER: Patched Logic
if _, _, err := a.parseUnverifiedJWTFn(rawToken, &untrustedClaims); err != nil {
    // Validate the token against the K8s API before trusting it
    if err := a.verifyKubernetesToken(ctx, rawToken); err != nil {
        return nil, connect.NewError(connect.CodeUnauthenticated, err)
    }
    // If K8s says 200 OK, then we proceed.
    return user.ContextWithInfo(...)
}

The Exploit: "Open Sesame"

Exploiting this requires zero technical sophistication. You don't need to forge a signature. You don't need a leaked secret. You just need a non-empty string.

Because the parser fails on anything that isn't a JWT, passing a garbage string triggers the vulnerable "It must be a K8s token" path. Since the GetConfig endpoint doesn't validate the token against K8s, you get full access.

The Attack Chain:

  1. Target: Identify the Kargo API (e.g., port 8080 or 443).
  2. Payload: A simple GET request with a dummy Bearer token.
curl -k -X GET https://kargo.target.local/api/v1alpha1/config \
     -H "Authorization: Bearer I_AM_A_HACKER"
  1. Result: The server returns 200 OK with a JSON payload containing internal cluster configurations, Argo CD endpoints, and namespace details.

It is effectively a skeleton key made of cardboard. As long as you present something, the door opens.

The Impact: DoS and Disclosure

Why should you care about a CVSS 6.9?

1. Information Disclosure: The GetConfig() endpoint leaks the topography of your delivery pipeline. Attackers can learn where your clusters are located and how your applications are partitioned. This is the reconnaissance phase of a much larger attack.

2. Denial of Service (The Infinite Loop): The RefreshResource endpoint is also vulnerable. An attacker can hammer this endpoint with a script.

Each request triggers a reconciliation loop in Kargo. If an attacker floods this endpoint, they force the Kargo controller to constantly attempt to reconcile resources, spiking CPU usage and potentially overwhelming the underlying Kubernetes API server with status update requests. It's a fantastic way to burn your cloud budget or freeze your deployment pipeline during a critical release.

Official Patches

AkuityGitHub Security Advisory

Fix Analysis (3)

Technical Appendix

CVSS Score
6.9/ 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:L

Affected Systems

Kargo API Server

Affected Versions Detail

Product
Affected Versions
Fixed Version
Kargo
Akuity
< 1.6.31.6.3
Kargo
Akuity
1.7.0 - 1.7.61.7.7
Kargo
Akuity
1.8.0 - 1.8.61.8.7
AttributeDetail
CWE IDCWE-863 (Incorrect Authorization)
CVSS Score6.9 (Medium)
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
Exploit StatusPoc Available

MITRE ATT&CK Mapping

T1078Valid Accounts
Initial Access
T1592Gather Victim Host Information
Discovery
T1499Endpoint Denial of Service
Impact
CWE-863
Incorrect Authorization

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Known Exploits & Detection

InternalSending 'Authorization: Bearer <random>' to /api/v1alpha1/config

Vulnerability Timeline

Initial partial fix for DoS reconciliation loops
2026-01-20
Complete Auth Interceptor fix committed
2026-01-26
Public Disclosure (GHSA Published)
2026-01-27

References & Sources

  • [1]GHSA Advisory
  • [2]NVD Detail

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 2 hours ago•CVE-2026-48861
2.1

CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

CVE-2026-48861 is a client-side HTTP request-line CRLF (Carriage Return Line Feed) injection vulnerability in the popular Elixir HTTP client library, Mint. The vulnerability permits HTTP Request Splitting and HTTP Request Smuggling when an application forwards untrusted, attacker-controlled inputs to Mint's HTTP client requests as either the HTTP request method or target. By embedding CRLF characters within these parameters, an attacker can terminate the request line prematurely, inject malicious headers, or pipeline entirely independent requests. These smuggled requests are then processed by upstream or downstream proxy servers as separate HTTP queries on the same TCP connection. While Mint version 1.7.0 introduced target validation to secure the request target, the HTTP request method parameter remained completely unvalidated. This flaw allows attackers to bypass routing filters, access restricted internal APIs, or poison HTTP caches under default configurations.

Amit Schendel
Amit Schendel
3 views•7 min read
•about 2 hours ago•CVE-2026-49753
6.3

CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

An Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) vulnerability in the Elixir Mint HTTP client allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections due to over-lenient parsing of sign-prefixed Content-Length headers.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 3 hours ago•CVE-2026-49754
8.2

CVE-2026-49754: Denial of Service via Unbounded HTTP/2 CONTINUATION Frame Accumulation in Elixir Mint

An allocation of resources without limits or throttling vulnerability in Elixir Mint allows an attacker-controlled HTTP/2 server to exhaust memory in a Mint client. The vulnerability is exploited by sending a HEADERS frame without the END_HEADERS flag followed by an infinite stream of CONTINUATION frames. Because the client lacks limits on the incoming header-block accumulator, the client continuously consumes memory until an out-of-memory crash occurs.

Amit Schendel
Amit Schendel
6 views•6 min read
•about 3 hours ago•CVE-2026-48596
2.1

CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

CVE-2026-48596 is an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting, CWE-113) in the Elixir Tesla HTTP client. The flaw resides in how multipart content-type parameters are joined and serialized, enabling attackers to inject arbitrary headers or split HTTP requests when applications pass untrusted inputs to the parameters of multipart uploads.

Alon Barad
Alon Barad
4 views•6 min read
•about 4 hours ago•CVE-2026-48594
8.2

CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

An improper handling of highly compressed data (decompression bomb) vulnerability exists in the Elixir Tesla HTTP client when utilizing response decompression middlewares. By serving highly compressed responses or stacked content-encoding headers, a malicious server can cause arbitrary heap exhaustion, leading to a denial of service (DoS) crash in the BEAM virtual machine.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 4 hours ago•CVE-2026-48595
8.2

CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

A high-severity security vulnerability in Elixir's Tesla HTTP client library (CVE-2026-48595) allows unauthenticated remote attackers to harvest sensitive credentials, including Authorization headers and cookies. The flaw resides in the 'Tesla.Middleware.FollowRedirects' component, which performs case-sensitive lookups when stripping credentials during cross-origin redirects. Because HTTP headers are case-insensitive by RFC specifications, standard canonical casing (e.g., 'Authorization') bypasses the lowercase-only blocklist, leaking tokens to untrusted external redirect destinations.

Alon Barad
Alon Barad
5 views•5 min read