1462 matches found
CVE-2026-43824
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...
EUVD-2026-26726
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...
CVE-2026-43824
Vulnerability summary (CVE-2026-43824): In Argo CD, versions 3.2.0 up to (but not including) 3.2.11 and 3.3.0 up to (but not including) 3.3.9 expose cleartext Kubernetes Secret data via ServerSideDiff. This is the underlying issue described by the CVE, with the impact stated as exposure of secre...
CVE-2026-43824
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...
CVE-2026-43824
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...
PT-2026-36558
Name of the Vulnerable Software and Affected Versions: Argo CD versions 3.2.0 through 3.2.10; Argo CD versions 3.3.0 through 3.3.8. Description: The 'ServerSideDiff' endpoint allows the disclosure of cleartext Kubernetes Secret data. This occurs when the IncludeMutationWebhook variable is set to true...
Argo CD Security Vulnerability
Argo CD is an open-source tool developed by Argo for Kubernetes, designed for declarative GitOps continuous delivery. There were security vulnerabilities in versions of Argo CD between 3.2.0 and 3.2.11, as well as between 3.3.0 and 3.3.9. These vulnerabilities stemmed from ServerSideDiff allowing...
CVE-2026-40886
A flaw was found in Argo Workflows, an open-source system for managing tasks in Kubernetes. An attacker with appropriate permissions can trigger a system-wide crash by submitting a specially crafted workflow pod with a malformed annotation. This vulnerability leads to a persistent Denial of Servi...
BIT-ARGO-WORKFLOWS-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...
EUVD-2026-25267
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller...
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
Summary: An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...
GHSA-5JV8-H7QH-RF5P Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
Summary: An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...
GHSA-W5HQ-G745-H8PQ vulnerabilities
Vulnerabilities for packages: jitsucom-jitsu, langfuse, prism, saf, sqlpad, kubeflow-pipelines, npm, kubeflow-centraldashboard, argo-workflows, renovate, code-server, opensearch-dashboards...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: openbao, kube-bench, keda, juicefs, src, spicedb, telegraf, temporal, rke2-cloud-provider, pgtimetable, flyte, temporal-server, dapr, certificate-transparency, timescaledb-parallel-copy, amass, grafana, steampipe, step-ca, kine, falcosidekick,...
GHSA-W5HQ-G745-H8PQ vulnerabilities
Vulnerabilities for packages: saf, redisinsight, librechat, kubeflow-pipelines, kubeflow-centraldashboard, opensearch-dashboards, wazuh-dashboard, kibana, dbgate-fips, prism, langfuse-fips, gemini-cli, opensearch-dashboards-fips, argo-workflows, renovate, npm, code-server, sqlpad,...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: src, dapr, temporal-fips, seaweedfs, juicefs, step-ca-fips, cloudprober-fips, keda, openfga-fips, sftpgo-plugin-eventsearch, spicedb-fips, sqlexporter-fips, bento-fips, keda-fips, pgtimetable, vault, opentelemetry-collector-contrib-fips, vault-fips, envoy-gateway-fip...
CVE-2026-40886
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-40886
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...