SUSE CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the podSpecPatch when including a podSpecPatch field in their Workflow submission. An attacker can override security restrictions defined in approved templates by submitting a workflow that includes a crafted...

Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

GHSA-3WF5-G532-RCRR Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

CVE-2026-31892

Argo Workflows (open source container-native workflow engine for Kubernetes) contains a vulnerability in which a user who can submit Workflows can bypass all security settings defined in a WorkflowTemplate by supplying a podSpecPatch in the submitted Workflow. The podSpecPatch overrides the refer...

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to bypass all security settings in the...