
1462 matches found

OSV
added 2026/05/12 8:38 a.m., 3 views

BIT-ARGO-WORKFLOWS-2026-42295 Argo Workflows: Exposure of artifact repository credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5, AI score 5.7, EPSS 0.00042
Exploits: 1, References: 3

OSV
added 2026/05/12 8:38 a.m., 9 views

BIT-ARGO-WORKFLOWS-2026-42294 Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

CVSS 8.2, AI score 5.7, EPSS 0.00054
Exploits: 1, References: 5

OSV
added 2026/05/12 8:38 a.m., 3 views

BIT-ARGO-WORKFLOWS-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVSS 6.5, AI score 5.7, EPSS 0.00051
Exploits: 1, References: 4

Wolfi
added 2026/05/12 7:48 a.m., 5 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: apko, xeol, flux-image-automation-controller, trivy-operator, gitea, grafana-alloy, grype, argo-cd, melange, external-secrets-operator, src-fingerprint, kargo, argocd-image-updater, grafana, kaniko, kyverno, pulumi-kubernetes-operator, k9s, pulumi-language-java,...

AI score 5.8
Exploits: 0

Wolfi
added 2026/05/12 7:48 a.m., 4 views

CVE-2026-45022 vulnerabilities

Vulnerabilities for packages: apko, xeol, flux-image-automation-controller, trivy-operator, gitea, grafana-alloy, grype, argo-cd, melange, external-secrets-operator, src-fingerprint, kargo, argocd-image-updater, grafana, kaniko, kyverno, pulumi-kubernetes-operator, k9s, pulumi-language-java,...

CVSS 7, AI score 5.8, EPSS 0.00007
Exploits: 0

Chainguard
added 2026/05/12 7:19 a.m., 6 views

CVE-2026-45022 vulnerabilities

Vulnerabilities for packages: zot, argocd-image-updater, trivy-fips, skaffold, rancher-fleet, kaniko, apko, coder-fips, src-fingerprint, kargo, flux-image-automation-controller, kyverno-fips, pulumi-language-java, snyk-cli, trufflehog-fips, gomplate-fips, syft-fips, gitlab-runner,...

CVSS 7, AI score 5.8, EPSS 0.00007
Exploits: 0

Chainguard
added 2026/05/12 7:19 a.m., 3 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: zot, argocd-image-updater, trivy-fips, skaffold, rancher-fleet, kaniko, apko, coder-fips, src-fingerprint, kargo, flux-image-automation-controller, kyverno-fips, pulumi-language-java, snyk-cli, trufflehog-fips, gomplate-fips, syft-fips, gitlab-runner,...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/05/12 12:0 a.m., 5 views

PT-2026-40272

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

CVSS 8.1, AI score 5.7, EPSS 0.00035
Exploits: 1, References: 6

Positive Technologies
added 2026/05/12 12:0 a.m., 5 views

PT-2026-40269

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVSS 2.3, AI score 5.7, EPSS 0.00051
Exploits: 1, References: 5

Positive Technologies
added 2026/05/12 12:0 a.m., 4 views

PT-2026-40273

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/sync cm.go performs zero authorization checks on all CRUD operations create, read,...

CVSS 8.5, AI score 5.7, EPSS 0.00014
Exploits: 1, References: 5

Positive Technologies
added 2026/05/12 12:0 a.m., 3 views

PT-2026-40271

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5, AI score 5.7, EPSS 0.00042
Exploits: 1, References: 4

Positive Technologies
added 2026/05/12 12:0 a.m., 6 views

PT-2026-40270

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

CVSS 8.2, AI score 5.7, EPSS 0.00054
Exploits: 1, References: 6

RedhatCVE
added 2026/05/11 6:9 a.m., 9 views

CVE-2026-42880

A flaw was found in Argo CD, a GitOps continuous delivery tool for Kubernetes. A missing authorization and data-masking gap in the ServerSideDiff endpoint allows an attacker with read-only access to extract sensitive Kubernetes Secret data. This information disclosure occurs by leveraging the...

CVSS 9.6, AI score 5.6, EPSS 0.00013
Exploits: 2, References: 4

OSV
added 2026/05/11 5:36 a.m., 2 views

BIT-ARGO-CD-2026-42880 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

CVSS 9.6, AI score 5.7, EPSS 0.00013
Exploits: 2, References: 2

Wolfi
added 2026/05/10 2:21 a.m., 11 views

CVE-2026-44728 vulnerabilities

Vulnerabilities for packages: argo-workflows, vitess...

CVSS 8.2, AI score 5.8, EPSS 0.0002
Exploits: 0

Wolfi
added 2026/05/10 2:21 a.m., 6 views

GHSA-FV7C-FP4J-7GWP vulnerabilities

Vulnerabilities for packages: argo-workflows, vitess...

AI score 5.8
Exploits: 0

Chainguard
added 2026/05/10 1:17 a.m., 8 views

CVE-2026-6322 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard, kibana, saf, prism, keep, tileserver-gl, langfuse-fips, opensearch-dashboards-fips, keep-fips, wazuh-dashboard-fips, argo-workflows, langfuse, tileserver-gl-fips, arangodb, vitess, opensearch-dashboards...

CVSS 7.5, AI score 5.8, EPSS 0.00011
Exploits: 0

Chainguard
added 2026/05/10 1:17 a.m., 4 views

GHSA-FV7C-FP4J-7GWP vulnerabilities

Vulnerabilities for packages: emscripten, vitess, argo-workflows...

AI score 5.8
Exploits: 0

Chainguard
added 2026/05/10 1:17 a.m., 8 views

CVE-2026-44728 vulnerabilities

Vulnerabilities for packages: emscripten, vitess, argo-workflows...

CVSS 8.2, AI score 5.8, EPSS 0.0002
Exploits: 0

Chainguard
added 2026/05/10 1:17 a.m., 4 views

GHSA-V39H-62P7-JPJC vulnerabilities

Vulnerabilities for packages: wazuh-dashboard, kibana, saf, prism, keep, tileserver-gl, langfuse-fips, opensearch-dashboards-fips, keep-fips, wazuh-dashboard-fips, argo-workflows, langfuse, tileserver-gl-fips, arangodb, vitess, opensearch-dashboards...

AI score 5.8
Exploits: 0