Lucene search
K

8 matches found

Snyk
Snyk
added 2026/04/24 2:31 a.m.3 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...

8.3CVSS5.5AI score0.00377EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 2:31 a.m.2 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...

8.3CVSS5.5AI score0.00377EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/23 9:39 p.m.9 views

Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/04/23 9:39 p.m.7 views

GHSA-5JV8-H7QH-RF5P Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:12 p.m.7 views

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/23 6:12 p.m.38 views

CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7CVSS0.00377EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 6:12 p.m.19 views

CVE-2026-40886

The CVE describes an unchecked array index in Argo Workflows’ pod informer, specifically in podGCFromPod(), which can cause a controller-wide panic when a workflow pod has a malformed workflows.argoproj.io/pod-gc-strategy annotation. Affected versions span 3.6.5 through 4.0.4, with the panic occu...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34719

Name of the Vulnerable Software and Affected Versions Argo Workflows versions 3.6.5 through 3.6.19 Argo Workflows versions 3.7.0-rc1 through 3.7.12 Argo Workflows versions 4.0.0-rc1 through 4.0.4 Description An unchecked array index in the pod informer's podGCFromPod function causes a...

7.7CVSS5.1AI score0.00377EPSS
Exploits1References10
Rows per page
Query Builder