BIT-ARGO-WORKFLOWS-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

GHSA-5JV8-H7QH-RF5P Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

CVE-2026-40886

The CVE describes an unchecked array index in Argo Workflows’ pod informer, specifically in podGCFromPod(), which can cause a controller-wide panic when a workflow pod has a malformed workflows.argoproj.io/pod-gc-strategy annotation. Affected versions span 3.6.5 through 4.0.4, with the panic occu...

Argo Workflows 输入验证错误漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 3.6.5 to 4.0.4 of Argo Workflows contain a vulnerability related to input validation errors. This vulnerability stems from insufficient array index checking in the podGCFromPod...

CVE-2026-21525

creationtimestamp| type| source ---|---|--- 2026-02-10 17:30:28+00:00| seen| https://www.thezdi.com/blog/2026/2/10/the-february-2026-security-update-review 2026-02-10 18:01:45+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0053 2026-02-10 18:53:06+00:00| seen|...

CVE-2026-21514

creationtimestamp| type| source ---|---|--- 2026-02-10 17:30:28+00:00| seen| https://www.thezdi.com/blog/2026/2/10/the-february-2026-security-update-review 2026-02-10 18:11:42+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0058 2026-02-10 18:53:06+00:00| seen|...

GHSA-G5P3-F4CQ-94V5

creationtimestamp| type| source ---|---|--- 2026-01-29 21:15:25+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/115980456736557020...

GHSA-M3H4-65J5-6J8C

creationtimestamp| type| source ---|---|--- 2026-01-29 20:49:13+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/115980353620259404...

GHSA-232V-J27C-5PP6

creationtimestamp| type| source ---|---|--- 2026-01-22 00:48:52+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/115935997438542873 2026-01-22 00:51:09+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/115936006347966952 2026-01-24 21:24:05+00:00| seen|...

GHSA-JM76-5G2J-P4HP

creationtimestamp| type| source ---|---|--- 2026-01-20 22:45:40+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/115929850738126657...

CVE-2025-65185

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...

EUVD-2025-203899

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...

CVE-2025-65185

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...

CVE-2025-65185

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses...

PT-2025-51839

Name of the Vulnerable Software and Affected Versions Entrinsik Informer version 5.10.1 Description A malicious user can enumerate usernames through local user login. This is achieved by entering an OTP code and a new password, then analyzing the application's responses. Recommendations At the...

Entrinsik Informer 安全漏洞

Entrinsik Informer is a business intelligence and data analytics platform from US-based Entrinsik. A security vulnerability exists in Entrinsik Informer version 5.10.1, which stems from the presence of username enumeration at local user login, which could lead to a malicious user enumerating user...