VYPR
Medium severityNVD Advisory· Published May 8, 2026· Updated May 13, 2026

CVE-2026-42350

CVE-2026-42350

Description

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Akuity/Kargoinferred2 versions
    <1.7.10, >=1.8.0,<1.8.13, >=1.9.0,<1.9.8, >=1.10.0,<1.10.2+ 1 more
    • (no CPE)range: <1.7.10, >=1.8.0,<1.8.13, >=1.9.0,<1.9.8, >=1.10.0,<1.10.2
    • (no CPE)range: <1.7.10 || >=1.8.0 <1.8.13 || >=1.9.0 <1.9.8 || >=1.10.0 <1.10.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.