Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the ConfigMap-backed provider in the Sync Service not performing authorization checks...

claude-skills-exploit

Security Research Skills Reusable skills for vulnerability an...

CVE-2026-44338

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

web-app-pentest-playbook

Web Application Pentest Playbook A structured methodology and...

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector, commercial-chainloop-backend, k3s, ldap2pg, grafana-alloy-fips, gitaly, kubeflow-pipelines, step-issuer-fips, temporal, sqlexporter, sqlexporter-fips, temporal-server, argo-workflows, spire-server, caddy, gitlab-cng-fips, cloudprober-fips,...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: kubescape-server-fips, trufflehog, flux-fips, grafana-alloy-fips, redpanda-console, kyverno-fips, act, gitaly, gomplate-fips, terragrunt-fips, commercial-chainloop-cli, k9s, trivy, xeol, flux-image-automation-controller, kaniko, rancher-fleet, kots,...

CVE-2026-41907 vulnerabilities

Vulnerabilities for packages: dbgate, npm, wazuh-dashboard-fips, kubeflow-pipelines, prism, jitsucom-jitsu, argo-workflows, librechat, kibana, renovate, redisinsight, wazuh-dashboard, saf, gemini-cli, sqlpad, kubeflow-centraldashboard, homepage, langfuse, opensearch-dashboards, dbgate-fips,...

[SECURITY] Fedora 43 Update: forgejo-runner-12.7.3-2.fc43

The Forgejo Runner is a daemon that fetches workflows to run from a Forgejo i nstance, executes them, sends back with the logs and ultimately reports its success or failure...

CVE-2026-41907 vulnerabilities

Vulnerabilities for packages: jitsucom-jitsu, code-server, prism, renovate, saf, opensearch-dashboards, sqlpad, kubeflow-pipelines, langfuse, argo-workflows, npm, kubeflow-centraldashboard...

GHSA-7VF8-2CR6-54MF Argo vulnerable to exposure of artifact repository credentials

Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

Argo vulnerable to exposure of artifact repository credentials

Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the addWebhookAuthorization function. An attacker can cause excessive memory allocation by sending a large request body to the publicly accessible /api/v1/events/ endpoint,...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the addWebhookAuthorization function. An attacker can cause excessive memory allocation by sending a large request body to the publicly accessible /api/v1/events/ endpoint,...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the configMapSyncProvider process. An attacker can create, read, update, or delete Kubernetes ConfigMaps containing synchronization limits by sending crafted requests with any Bearer token, including fake tokens...

CVE-2026-42226

The CVE concerns n8n, an open source workflow automation platform. Before versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workfl...

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the /chatWebSocket endpoint in the Chat Trigger node’s Hosted Chat feature, which did not verify...

Evaluating Retrieval-Augmented Generation for Explainable Malware Analysis

Large Language Models LLMs are increasingly being used as security engineering tools to summarize and explain malware behavior to analysts. A common assumption is that Retrieval-Augmented Generation RAG improves explanation quality by injecting external security knowledge. In this work, we...

CVE-2026-40886

A flaw was found in Argo Workflows, an open-source system for managing tasks in Kubernetes. An attacker with appropriate permissions can trigger a system-wide crash by submitting a specially crafted workflow pod with a malformed annotation. This vulnerability leads to a persistent Denial of Servi...

Alignment Contracts for Agentic Security Systems

Agentic security systems increasingly combine LLM planners with tools that can discover, validate, and report vulnerabilities. This creates an asymmetric control problem: the system should retain strong offensive capability inside an authorized engagement, while the same capabilities must be deni...