Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

argo-workflows — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in argo-workflows, with AI-generated Chinese analysis, references, and POCs.

Vendor: argoproj

CVE IDTitleCVSSSeverityPublished
CVE-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure CWE-863 8.1 High2026-05-09
CVE-2026-42295 Argo Workflows: Exposure of artifact repository credentials CWE-522 8.1AIHighAI2026-05-09
CVE-2026-42294 Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor CWE-770 6.5AIMediumAI2026-05-09
CVE-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) CWE-476 6.5AIMediumAI2026-05-09
CVE-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider CWE-862 8.8AIHighAI2026-05-09
CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller CWE-129 7.7 High2026-04-23
CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode CWE-863 8.8 -2026-03-11
CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template CWE-863 9.8 Critical2026-03-11
CVE-2026-23960 Argo Workflows affected by stored XSS in the artifact directory listing CWE-79 5.4AIMediumAI2026-01-21
CVE-2025-66626 argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links CWE-23 8.1 High2025-12-09
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs CWE-522 8.1AIHighAI2025-10-14
CVE-2025-62156 argo-workflows Zip Slip path traversal allows arbitrary file write and container configuration overwrite CWE-22 8.1 High2025-10-14
CVE-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode CWE-200 9.1 -2024-12-02
CVE-2024-47827 Argo Workflows Controller: Denial of Service via malicious daemon Workflows CWE-362 5.7 Medium2024-10-28
CVE-2022-29164 Privilege Escalation in argo-workflows CWE-269 7.1 High2022-05-05

All 15 known CVE vulnerabilities affecting argo-workflows with full Chinese analysis, references, and POCs where available.