Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 12:22 p.m.5 views

CVE-2026-46680

A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes runAsNonRoot restrictio...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.4AI score0.00424EPSS
Exploits2References1
NVD
NVD
added 2026/05/09 4:16 a.m.26 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS0.00424EPSS
Exploits2References7
CVE
CVE
added 2026/05/09 3:52 a.m.25 views

CVE-2026-42296

Argo Workflows CVE-2026-42296 describes a bypass for templateReferencing: Strict that lets users with create Workflow access obtain host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. Root ca...

8.1CVSS7.1AI score0.00424EPSS
Exploits2References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/09 3:52 a.m.11 views

CVE-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS7.1AI score0.00424EPSS
Exploits2References4
EUVD
EUVD
added 2026/05/09 3:52 a.m.14 views

EUVD-2026-28894

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References4
Snyk
Snyk
added 2026/05/04 8:11 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/04 8:11 p.m.15 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
Rows per page
Query Builder