CVE-2026-31892
Argo Workflows (open source container-native workflow engine for Kubernetes) contains a vulnerability in which a user who can submit Workflows can bypass all security settings defined in a WorkflowTemplate by supplying a podSpecPatch in the submitted Workflow. The podSpecPatch overrides the refer...
CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, a user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...
CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with an Authorization: Bearer nothing...
CVE-2026-28229
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with an Authorization: Bearer nothing...
CVE-2026-28229
Argo Workflows (open source container-native workflow engine for Kubernetes) is affected prior to version 4.0.2 and 3.7.11. The vulnerability affects the WorkflowTemplates and ClusterWorkflowTemplates endpoints, allowing any client with an Authorization: Bearer nothing token to retrieve sensitive...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the workflowtemplateserver and clusterworkflowtemplateserver components. An attacker can obtain sensitive information, such as embedded secrets and resource manifests, by sending unauthorized requests with a...
Unauthorized access to Argo Workflows Template
Summary: Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with an Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. Details...
EUVD-2026-11196
Unauthorized access to Argo Workflows Template...
Argo Workflows Security Vulnerability
Argo Workflows is an open-source, container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the workflow template endpoints, which allowed any client to access...
PT-2026-24701
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 2.9.0 through 4.0.1; Argo Workflows version 3.7.11. Description: Argo Workflows is a container-native workflow engine for Kubernetes. A user who can submit Workflows can bypass security settings defined in a WorkflowTempla...
Argo Workflows Security Vulnerability
Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to bypass all security settings in the...
PT-2026-24700
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions prior to 4.0.2 and 3.7.11. Description: Argo Workflows, an open source container-native workflow engine for Kubernetes, has an issue where Workflow templates endpoints allow any client to retrieve WorkflowTemplates and...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller-fips, gatekeeper, policy-bot, tofu-controller-fips, percona-server-mongodb-operator-fips, stern, prometheus-pushgateway, yunikorn-k8shim, wgcf, aws-ebs-csi-driver-fips, dex-k8s-authenticator, nri-jmx, flux-image-reflector-controller,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller-fips, gatekeeper, policy-bot, tofu-controller-fips, percona-server-mongodb-operator-fips, stern, prometheus-pushgateway, yunikorn-k8shim, wgcf, aws-ebs-csi-driver-fips, dex-k8s-authenticator, nri-jmx, flux-image-reflector-controller,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller-fips, gatekeeper, policy-bot, tofu-controller-fips, prometheus-pushgateway, yunikorn-k8shim, aws-ebs-csi-driver-fips, dex-k8s-authenticator, skopeo-fips, flux-image-reflector-controller, crossplane-provider-aws-kms, tflint-fips,...
CVE-2026-29063 vulnerabilities
Vulnerabilities for packages: vitess, argo-workflows, rancher-api-ui...
GHSA-WF6X-7X77-MVGW vulnerabilities
Vulnerabilities for packages: vitess, argo-workflows, rancher-api-ui...
GHSA-WF6X-7X77-MVGW vulnerabilities
Vulnerabilities for packages: rancher-api-ui, vitess, argo-workflows...