13 matches found
PT-2026-37194
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions prior to 3.7.14; Argo Workflows versions prior to 4.0.5. Description: A user with create Workflow permission can bypass the templateReferencing: Strict and Secure restrictions. This occurs because the system only blocks th...
CVE-2026-40886
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2025-62157
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
GHSA-C2HV-4PFJ-MM2R Argo Workflow may expose artifact repository credentials
Summary: An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository. Details: An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal...
Argo Workflow may expose artifact repository credentials
Summary: An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository. Details: An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal...
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to workflow-controller logging configuration with credentials in plaintext. An attacker can access sensitive credentials by reading pod logs if they have permissions to view logs in the affected...
CVE-2025-62157
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62157
CVE-2025-62157 affects Argo Workflows. Vulnerable in versions prior to 3.6.12 and 3.7.0–3.7.2, where artifact repository credentials are exposed in plaintext in workflow-controller logs. An attacker with pod-log access in a namespace running Argo Workflows can read these credentials. Remediation:...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...
Argo Workflows Security Vulnerability
Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2, which stems from workflow-controller pod logs exposing artifact repository credentia...
Argo Workflows Security Vulnerability
Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows version 3.6.0-rc1, which stems from a race condition in a global variable that allows any user authorized to execute workflows to crash the arg...
PT-2021-21906
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.1.3 and earlier Description: The issue arises when EXPRESSION TEMPLATES is enabled and untrusted users can specify input parameters for workflows. This allows an attacker to potentially disrupt a workflow because the...