CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/09 3:44 a.m.•4 views

CVE-2026-42183

2.3CVSS5.7AI score0.00059EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/05/09 3:44 a.m.•39 views

CVE-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

2.3CVSS0.00059EPSS

Vulnrichment•added 2026/05/09 3:44 a.m.•3 views

CVE-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

2.3CVSS5.7AI score0.00059EPSS

CVE•added 2026/05/09 3:44 a.m.•7 views

CVE-2026-42183

CVE-2026-42183 affects Argo Workflows (versions 4.0.0–4.0.4) where a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() can cause a denial of service for SSO users when SSO_DELEGATE_RBAC_TO_NAMESPACE is true. The issue arises for claims matching a namespace-level RBAC rule b...

6.5CVSS5.7AI score0.00059EPSS

Exploits1References3Affected Software1

EUVD•added 2026/05/09 3:42 a.m.•6 views

EUVD-2026-28895

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

ATTACKERKB•added 2026/05/09 3:42 a.m.•4 views

CVE-2026-42297

Exploits1References4Affected Software1

Vulnrichment•added 2026/05/09 3:42 a.m.•3 views

CVE-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

Cvelist•added 2026/05/09 3:42 a.m.•36 views

CVE-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

8.5CVSS0.00016EPSS

CVE•added 2026/05/09 3:42 a.m.•12 views

CVE-2026-42297

CVE-2026-42297 concerns Argo Workflows, where the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) allows zero authorization checks on all CRUD operations. From 4.0.0 up to just before 4.0.5, any authenticated user (including fake Bearer tokens) could create, read, update, or del...

Exploits1References3Affected Software1

CNNVD•added 2026/05/09 12:0 a.m.•4 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 3.7.14 and 4.0.5 contained security vulnerabilities. These vulnerabilities stemmed from users with permission to create Workflows being able to bypass the...

8.1CVSS5.8AI score0.0004EPSS

CNNVD•added 2026/05/09 12:0 a.m.•5 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 3.7.14 and 4.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the Webhook Interceptor, which loaded the entire request body into...

8.2CVSS5.8AI score0.00059EPSS

CNNVD•added 2026/05/09 12:0 a.m.•6 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the fact that the workflow executor recorded all workpiece repository credentials in...

8.5CVSS5.8AI score0.00046EPSS

CNNVD•added 2026/05/09 12:0 a.m.•5 views

Argo Workflows 代码问题漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had code vulnerabilities. These vulnerabilities stemmed from a null pointer dereferencing in the rbcAuthorization function in...

6.5CVSS5.9AI score0.00059EPSS

CNNVD•added 2026/05/09 12:0 a.m.•5 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the ConfigMap-backed provider in the Sync Service not performing authorization checks...

8.5CVSS5.8AI score0.00016EPSS