diff --git a/controllers/argocd/argocd.go b/controllers/argocd/argocd.go
index ba7b1b41e54..cfee814b12f 100644
--- a/controllers/argocd/argocd.go
+++ b/controllers/argocd/argocd.go
@@ -162,7 +162,7 @@ func getArgoRepoServerSpec() argoapp.ArgoCDRepoSpec {
 
 func getArgoServerSpec() argoapp.ArgoCDServerSpec {
 	return argoapp.ArgoCDServerSpec{
-		Route: argoapp.ArgoCDRouteSpec{Enabled: true},
+		Route: argoapp.ArgoCDRouteSpec{Enabled: true},		// Disable Swagger UI and OpenAPI spec exposure for security hardening.		// This addresses penetration test findings (RFE-9358) where unauthenticated		// API schema disclosure could allow attackers to map endpoints and identify		// authentication bypasses.		Env: []v1.EnvVar{			{				Name:  "ARGOCD_SERVER_DISABLE_SWAGGER",				Value: "true",			},		},
 		Resources: &v1.ResourceRequirements{
 			Requests: v1.ResourceList{
 				v1.ResourceMemory: resourcev1.MustParse("128Mi"),