CVE-2026-40886— Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40886
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Source: NVD (National Vulnerability Database)
Vulnerability Description
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller's recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数组索引的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Argo Workflows 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Argo Workflows是Argo项目的一个用于 Kubernetes 的开源容器原生工作流引擎。 Argo Workflows 3.6.5版本至4.0.4版本存在输入验证错误漏洞,该漏洞源于pod informer的podGCFromPod函数中数组索引未检查,可能导致控制器进程崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| argoproj | argo-workflows | >= 4.0.0, < 4.0.5 | - |
II. Public POCs for CVE-2026-40886
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40886
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: argo-workflows
- CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2026-42295
Argo Workflows: Exposure of artifact repository credentials - CVE-2026-42294
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in W - CVE-2026-42183
Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr
Same vendor: argoproj
- CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2026-42295
Argo Workflows: Exposure of artifact repository credentials - CVE-2026-42294
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in W - CVE-2026-42183
Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr
Same weakness: CWE-129
- CVE-2026-41643
GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4B - CVE-2026-40251
Incus out-of-bounds panic in snapshot metadata handling allo - CVE-2026-6840
ONE 输入验证错误漏洞 - CVE-2026-40097
Step CA affected by an index out of bounds panic in TPM atte - CVE-2026-34942
Wasmtime panics when transcoding misaligned utf-16 strings
V. Comments for CVE-2026-40886
No comments yet