Lucene search
+L

8 matches found

snyk
snyk
added 2026/04/24 2:31 a.m.2 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...

8.3CVSS5.5AI score0.00377EPSS
Exploits1References2
snyk
snyk
added 2026/04/24 2:31 a.m.3 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...

8.3CVSS5.5AI score0.00377EPSS
Exploits1References2
osv
osv
added 2026/04/23 9:39 p.m.8 views

GHSA-5JV8-H7QH-RF5P Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References3
github
github
added 2026/04/23 9:39 p.m.12 views

Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller

Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References3Affected Software2
attackerkb
attackerkb
added 2026/04/23 6:12 p.m.7 views

CVE-2026-40886

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References2Affected Software1
cve
cve
added 2026/04/23 6:12 p.m.23 views

CVE-2026-40886

The CVE describes an unchecked array index in Argo Workflows’ pod informer, specifically in podGCFromPod(), which can cause a controller-wide panic when a workflow pod has a malformed workflows.argoproj.io/pod-gc-strategy annotation. Affected versions span 3.6.5 through 4.0.4, with the panic occu...

7.7CVSS5.8AI score0.00377EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/04/23 6:12 p.m.41 views

CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...

7.7CVSS0.00377EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.8 views

PT-2026-34719

Name of the Vulnerable Software and Affected Versions Argo Workflows versions 3.6.5 through 3.6.19 Argo Workflows versions 3.7.0-rc1 through 3.7.12 Argo Workflows versions 4.0.0-rc1 through 4.0.4 Description An unchecked array index in the pod informer's podGCFromPod function causes a...

7.7CVSS5.1AI score0.00377EPSS
Exploits1References10
Rows per page
Query Builder