kargo — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in kargo, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-32828	Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration CWE-918	9.1	-	2026-03-20
CVE-2026-27112	Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints CWE-863	8.2^AI	High^AI	2026-02-20
CVE-2026-27111	Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints CWE-862	8.1^AI	High^AI	2026-02-20
CVE-2026-24748	Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access CWE-863	5.3^AI	Medium^AI	2026-01-27

All 4 known CVE vulnerabilities affecting kargo with full Chinese analysis, references, and POCs where available.