CVE-2026-42350
Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to an open redirect in the UI's OIDC login flow via the `redirectTo` query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2.
| CWE | CWE-601 |
| Vendor | akuity |
| Product | kargo |
| Published | May 8, 2026 |
Affected Versions
akuity / kargo
- < 1.7.10
- >= 1.8.0-rc.1, < 1.8.13
- >= 1.9.0-rc.1, < 1.9.8
- >= 1.10.0-rc.1, < 1.10.2