The Argo CD project has just released new versions of all supported branches to fix a critical security issue, CVE-2025-47933: "Argo CD allows cross-site scripting on repositories page". This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. Because URL protocols are improperly filtered on the repository page, an attacker with permission to edit the repository can achieve cross-site scripting.
The Argo CD project has already released fixed versions for the Argo CD UI:
Tanzu Application Catalog has already built from source, verified, and released all supported versions on all supported Linux distributions in less than 2 hours.
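
The improper filtering of URL protocols described above is the kind of flaw an allow-list on the parsed protocol prevents. The following is an added example, not code from Argo CD or its fix; the function names and sample URLs are constructed for illustration. It contrasts a raw-string deny-list with a check that parses the value the way a browser does before deciding whether a repository URL may be rendered as a link.

```javascript
// Added example, not Argo CD code. Names and sample URLs are constructed.
const LINKABLE_PROTOCOLS = new Set(["http:", "https:"]);

// Weak form: deny-list match on the raw string. Browsers lowercase the
// scheme and ignore leading whitespace and embedded tabs/newlines, so
// raw-string matching does not see what the browser will act on.
function naiveIsLinkable(raw) {
  return !raw.startsWith("javascript:");
}

// Hardened form: parse as the browser would, then allow-list the protocol.
// Returns a normalized href, or null when the value must be shown as text.
function safeRepoHref(raw) {
  if (typeof raw !== "string") return null;
  let parsed;
  try {
    parsed = new URL(raw); // no base URL, so relative or scp-style input throws
  } catch {
    return null;
  }
  return LINKABLE_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Constructed repository URL values covering normal and hostile input.
const SAMPLES = [
  "https://github.com/example/repo.git",
  "git@github.com:example/repo.git",
  "ssh://git@example.com/example/repo.git",
  "javascript:void(0)",
  " JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,constructed",
];

// Values the deny-list would link but the allow-list refuses.
function disagreements(samples) {
  return samples.filter((s) => naiveIsLinkable(s) && safeRepoHref(s) === null);
}

console.log(disagreements(SAMPLES));
```

Values for which safeRepoHref returns null (SSH and scp-style repository URLs included) should be rendered as plain text rather than as an anchor.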