GHSA-594f-3595-c47v: Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121

March 18, 2026

The terraform-provider-argocd might have been vulnerable to GO-2026-4337 / CVE-2025-68121 (“Unexpected session resumption in crypto/tls”).

References

github.com/advisories/GHSA-594f-3595-c47v
github.com/argoproj-labs/terraform-provider-argocd
github.com/argoproj-labs/terraform-provider-argocd/commit/b3364f3f32e70f1563c5f3162d370db704430294
github.com/argoproj-labs/terraform-provider-argocd/security/advisories/GHSA-594f-3595-c47v

Code Behaviors & Features

Detect and mitigate GHSA-594f-3595-c47v with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →