VDB

GO-2025-3993

GO-2025-3993 PUBLISHED

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd

Affected Products

VendorProductVersions
github.comargoproj/argo-cd/v33.1.0-rc1, 3.2.0-rc1, 3.0.0-rc1
github.comargoproj/argo-cd1.2.0, 1.2.0
github.comargoproj/argo-cd/v20, 0

Timeline

  • Oct 23, 2025 CVE Published
  • Apr 20, 2026 CVE Updated
  • May 1, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›