Argoproj

Argo Workflows

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-42296

Exploit
  • EPSS 0.04%
  • Veröffentlicht 09.05.2026 03:52:03
  • Zuletzt bearbeitet 15.05.2026 19:39:46

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network acc...

4.9

CVE-2026-42295

Exploit
  • EPSS 0.04%
  • Veröffentlicht 09.05.2026 03:48:02
  • Zuletzt bearbeitet 15.05.2026 19:40:36

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, ...

7.5

CVE-2026-42294

Exploit
  • EPSS 0.05%
  • Veröffentlicht 09.05.2026 03:45:48
  • Zuletzt bearbeitet 14.05.2026 18:34:34

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request o...

6.5

CVE-2026-42183

Exploit
  • EPSS 0.05%
  • Veröffentlicht 09.05.2026 03:44:10
  • Zuletzt bearbeitet 14.05.2026 18:40:00

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (de...

8.3

CVE-2026-42297

Exploit
  • EPSS 0.04%
  • Veröffentlicht 09.05.2026 03:42:43
  • Zuletzt bearbeitet 15.05.2026 19:26:07

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authoriza...

7.7

CVE-2026-40886

Exploit
  • EPSS 0.05%
  • Veröffentlicht 23.04.2026 18:12:05
  • Zuletzt bearbeitet 28.04.2026 14:09:25

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflo...

8.1

CVE-2026-31892

Exploit
  • EPSS 0.04%
  • Veröffentlicht 11.03.2026 15:41:14
  • Zuletzt bearbeitet 17.03.2026 19:17:55

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowT...

7.5

CVE-2026-28229

Exploit
  • EPSS 0.06%
  • Veröffentlicht 11.03.2026 15:37:47
  • Zuletzt bearbeitet 20.03.2026 14:27:59

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). An...

5.4

CVE-2026-23960

Exploit
  • EPSS 0.06%
  • Veröffentlicht 21.01.2026 22:15:50
  • Zuletzt bearbeitet 17.02.2026 16:56:21

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScri...

7.5

CVE-2025-66626

Exploit
  • EPSS 0.1%
  • Veröffentlicht 09.12.2025 20:19:14
  • Zuletzt bearbeitet 19.12.2025 19:14:03

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely...