CVE-2026-32828: Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Kargo’s built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits requests to link-local addresses (169.254.0.0/16 and fe80::/10), for which there are no known, legitimate use cases. Of particular concern is the cloud instance metadata endpoint (often 169.254.169.254), which is unauthenticated and can expose sensitive configuration data including IAM credentials. While cloud providers typically implement header-based SSRF mitigations for these endpoints (a required custom request header, or a token that must first be obtained with a specific method), the http step provides full control over request method and headers, so a promotion step can satisfy those checks and the protections are rendered ineffective. The http-download step provides control over headers only (not method), but this is still sufficient for exfiltrating data from metadata endpoints whose mitigation is a required header alone.
There are two vectors for exploitation. A user with permission to create or update a Stage can configure its promotion template to include malicious http or http-download steps. Alternatively, a user with promote permission on any Stage can craft a Promotion resource directly. In either case, the controller executes the steps in-cluster, and response data can be inserted into Promotion status fields, written to a Git repository, or sent to a remote location using a second instance of the http step.
The remediation for this issue is the introduction of a safe HTTP transport that refuses to dial link-local addresses, applying the check to the resolved IP at connect time rather than to the hostname in the URL. Requests to private and internal addresses will continue to be permitted, as this is by design. It is the responsibility of services at such addresses to implement proper authentication and authorization, and/or the responsibility of platform teams to define and enforce network policies that restrict traffic appropriately.
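The following is an added example of the kind of safe transport the remediation describes; it is not Kargo's own code and makes no claim about how the project implemented its fix. It assumes Go 1.13 or later (for errors.Is) and relies on net.Dialer's Control hook, which Go invokes with the concrete "ip:port" about to be connected, after DNS resolution. The policy goes a little beyond the literal 169.254.169.254 case: it refuses the whole 169.254.0.0/16 and fe80::/10 ranges, the IPv4-mapped IPv6 form, and zone-suffixed IPv6 literals, while leaving private ranges reachable. The addresses in main() are constructed test inputs.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
	"syscall"
	"time"
)

// ErrLinkLocal is returned for any attempt to dial a link-local address.
var ErrLinkLocal = errors.New("refusing to dial link-local address")

// checkDialAddr implements the policy from the remediation: refuse
// 169.254.0.0/16 and fe80::/10 (net.IP also recognises the IPv4-mapped
// IPv6 form ::ffff:169.254.169.254) and allow everything else, including
// RFC 1918 and other private ranges. address is the "ip:port" string the
// dialer hands to its Control hook after DNS resolution, so a hostname is
// never seen here, only the concrete IP about to be connected to.
func checkDialAddr(address string) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	// IPv6 link-local addresses may carry a zone suffix ("fe80::1%eth0").
	if i := strings.IndexByte(host, '%'); i >= 0 {
		host = host[:i]
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("dial address %q is not a literal IP", address)
	}
	if ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
		return fmt.Errorf("%w: %s", ErrLinkLocal, ip)
	}
	return nil
}

// NewSafeTransport clones the default transport and installs a dialer whose
// Control hook runs checkDialAddr on the resolved peer address immediately
// before connect(). Checking here rather than on the URL host means a name
// that resolves (or later re-resolves, i.e. DNS rebinding) to 169.254.169.254
// is refused exactly like a literal IP, and HTTP redirects are covered
// because every hop dials through the same transport.
func NewSafeTransport() *http.Transport {
	d := &net.Dialer{
		Timeout:   10 * time.Second,
		KeepAlive: 30 * time.Second,
		Control: func(network, address string, _ syscall.RawConn) error {
			return checkDialAddr(address)
		},
	}
	t := http.DefaultTransport.(*http.Transport).Clone()
	t.DialContext = d.DialContext
	// With a proxy the dialer only ever sees the proxy's address, so the
	// check would not apply to the real destination. Disable proxies; a
	// deployment that needs one must enforce the policy on the request URL.
	t.Proxy = nil
	return t
}

// TryGet issues a GET through the safe transport and returns the error, if
// any. A link-local target fails inside the dialer before any packet is
// sent, and errors.Is(err, ErrLinkLocal) holds through the *url.Error and
// *net.OpError wrappers the client and dialer add.
func TryGet(rawURL string) error {
	client := &http.Client{Transport: NewSafeTransport(), Timeout: 5 * time.Second}
	resp, err := client.Get(rawURL)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

func main() {
	// Constructed inputs: what the Control hook would see for each target.
	for _, a := range []string{
		"169.254.169.254:80",          // cloud metadata endpoint: refused
		"[::ffff:169.254.169.254]:80", // same address, IPv4-mapped IPv6: refused
		"[fe80::1%eth0]:80",           // IPv6 link-local with zone: refused
		"10.0.0.5:443",                // private address: allowed by design
		"[2001:db8::1]:443",           // non-link-local IPv6: allowed
	} {
		fmt.Printf("%-30s -> %v\n", a, checkDialAddr(a))
	}
	err := TryGet("http://169.254.169.254/latest/meta-data/")
	fmt.Println("metadata GET refused:", errors.Is(err, ErrLinkLocal))
}
```

The check deliberately runs in the dialer and not on the URL: validating the hostname before the request would leave a window in which an attacker-controlled DNS name passes the check and then resolves to 169.254.169.254 at connect time. One caveat the hook does not cover is NAT64-style translation (a 64:ff9b::/96 address that maps onto 169.254.169.254); an environment with such a translator needs that prefix added to the policy.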