Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    162 vulnerabilities by argoproj

    CVE-2026-54526 (GCVE-0-2026-54526)

    Vulnerability from nvd – Published: 2026-07-16 19:07 – Updated: 2026-07-16 19:07
    VLAI
    Title
    Argo Workflows: Incomplete fix for CVE-2026-31892: ArtifactGC.PodSpecPatch bypass of Strict/Secure templateReferencing
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because workflow/util/merge.go ValidateUserOverrides and SanitizeUserWorkflowSpec walk only the top-level fields of WorkflowSpec via reflection, and WorkflowSpec.ArtifactGC is allow-listed wholesale; the struct behind that field, WorkflowLevelArtifactGC, has a PodSpecPatch sub-field whose contents flow unmodified into util.ApplyPodSpecPatch on the artifact-GC pod, the same sink the original fix closed for WorkflowSpec.PodSpecPatch, so a user submitting a Workflow under templateReferencing: Strict or Secure (against a referenced WorkflowTemplate that declares an output artifact and setting spec.artifactGC.strategy: OnWorkflowCompletion) can still inject an arbitrary strategic merge patch into the artifact-GC pod, including hostPath volumes, privileged: true, arbitrary image and command, and hostNetwork: true, defeating the stated purpose of Strict/Secure reference mode. This issue is fixed in versions 3.7.15 and 4.0.6.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: < 3.7.15
    Affected: >= 4.0.0, < 4.0.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.7.15"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because workflow/util/merge.go ValidateUserOverrides and SanitizeUserWorkflowSpec walk only the top-level fields of WorkflowSpec via reflection, and WorkflowSpec.ArtifactGC is allow-listed wholesale; the struct behind that field, WorkflowLevelArtifactGC, has a PodSpecPatch sub-field whose contents flow unmodified into util.ApplyPodSpecPatch on the artifact-GC pod, the same sink the original fix closed for WorkflowSpec.PodSpecPatch, so a user submitting a Workflow under templateReferencing: Strict or Secure (against a referenced WorkflowTemplate that declares an output artifact and setting spec.artifactGC.strategy: OnWorkflowCompletion) can still inject an arbitrary strategic merge patch into the artifact-GC pod, including hostPath volumes, privileged: true, arbitrary image and command, and hostNetwork: true, defeating the stated purpose of Strict/Secure reference mode. This issue is fixed in versions 3.7.15 and 4.0.6."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T19:07:30.804Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-48p8-g2fx-3wwm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-48p8-g2fx-3wwm"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/277e9cef0ad16d7eaaab253573d0695951a65dbd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/277e9cef0ad16d7eaaab253573d0695951a65dbd"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/358cc3968c8f06f1be0967e41df191088db0b662",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/358cc3968c8f06f1be0967e41df191088db0b662"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.15",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.15"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.6"
            }
          ],
          "source": {
            "advisory": "GHSA-48p8-g2fx-3wwm",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Incomplete fix for CVE-2026-31892: ArtifactGC.PodSpecPatch bypass of Strict/Secure templateReferencing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54526",
        "datePublished": "2026-07-16T19:07:30.804Z",
        "dateReserved": "2026-06-15T18:40:01.651Z",
        "dateUpdated": "2026-07-16T19:07:30.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45738 (GCVE-0-2026-45738)

    Vulnerability from nvd – Published: 2026-07-15 19:54 – Updated: 2026-07-16 15:12
    VLAI
    Title
    Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
    Summary
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/* annotations whose pipe-separated values are rendered by ui/src/app/applications/components/application-summary/application-summary.tsx in the Summary tab URLs section as anchor href values without URL validation, allowing javascript: execution in a higher-privileged user's authenticated Argo CD origin session. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-cd Affected: < 3.2.12
    Affected: >= 3.3.0, < 3.3.10
    Affected: >= 3.4.0-rc1, < 3.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45738",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:51:03.406825Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:12:45.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h98r-wv3h-fr38"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-cd",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.2.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.3.0, \u003c 3.3.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.4.0-rc1, \u003c 3.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/* annotations whose pipe-separated values are rendered by ui/src/app/applications/components/application-summary/application-summary.tsx in the Summary tab URLs section as anchor href values without URL validation, allowing javascript: execution in a higher-privileged user\u0027s authenticated Argo CD origin session. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:54:51.634Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h98r-wv3h-fr38",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h98r-wv3h-fr38"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/00f83c41dcfd879f34f8e0248c860d704b41cf0f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/00f83c41dcfd879f34f8e0248c860d704b41cf0f"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/35ea43c537d6e8948e67f347317fc4f88b325122",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/35ea43c537d6e8948e67f347317fc4f88b325122"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/c8df5ff7acc403adcee1256da5d87081cd52f0a6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/c8df5ff7acc403adcee1256da5d87081cd52f0a6"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2"
            }
          ],
          "source": {
            "advisory": "GHSA-h98r-wv3h-fr38",
            "discovery": "UNKNOWN"
          },
          "title": "Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45738",
        "datePublished": "2026-07-15T19:54:51.634Z",
        "dateReserved": "2026-05-13T06:54:34.219Z",
        "dateUpdated": "2026-07-16T15:12:45.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45737 (GCVE-0-2026-45737)

    Vulnerability from nvd – Published: 2026-07-15 20:00 – Updated: 2026-07-16 19:14
    VLAI
    Title
    Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
    Summary
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretData(target, live, ...) does not fully sanitize ResourceDiff.TargetState and LiveState predicted live Secret objects, allowing sensitive data, stringData, and annotations to appear in UI or CLI diffs. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-cd Affected: >= 3.2.0, < 3.2.12
    Affected: >= 3.3.9, < 3.3.10
    Affected: >= 3.4.1, < 3.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45737",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T19:14:28.622751Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:14:44.711Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-cd",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.2.0, \u003c 3.2.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.3.9, \u003c 3.3.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.4.1, \u003c 3.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretData(target, live, ...) does not fully sanitize ResourceDiff.TargetState and LiveState predicted live Secret objects, allowing sensitive data, stringData, and annotations to appear in UI or CLI diffs. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:00:46.998Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/7879e6322465080a82d152bf00f2b92e0f36c658",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/7879e6322465080a82d152bf00f2b92e0f36c658"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/87e9148320749693624d08e3d6fa2cc217c672a0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/87e9148320749693624d08e3d6fa2cc217c672a0"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/ac11bec9986807adc8886ef1181eced7347ef5c6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/ac11bec9986807adc8886ef1181eced7347ef5c6"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/bcb4298afc9fcff5f5d69f4e1db2d0a75983f42c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/bcb4298afc9fcff5f5d69f4e1db2d0a75983f42c"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2"
            }
          ],
          "source": {
            "advisory": "GHSA-rg3g-4rw9-gqrp",
            "discovery": "UNKNOWN"
          },
          "title": "Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45737",
        "datePublished": "2026-07-15T20:00:46.998Z",
        "dateReserved": "2026-05-13T06:54:34.219Z",
        "dateUpdated": "2026-07-16T19:14:44.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15416 (GCVE-0-2026-15416)

    Vulnerability from nvd – Published: 2026-07-14 08:56 – Updated: 2026-07-15 14:39
    VLAI
    Title
    Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint
    Summary
    A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-helm Affected: 0 , < 10.0.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Date Public
    2026-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:39:38.453802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:39:52.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/argoproj/argo-helm",
              "defaultStatus": "unaffected",
              "packageName": "argo-helm",
              "product": "argo-helm",
              "vendor": "argoproj",
              "versions": [
                {
                  "lessThan": "10.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "Red Hat Openshift Data Foundation 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "openshift-gitops-1/argocd-agent-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/argocd-agent-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/argocd-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "openshift-gitops-1/argocd-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-operator-bundle",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-rhel8-operator",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/gitops-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/gitops-rhel9-operator",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T13:46:03.711Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15416"
            },
            {
              "name": "RHBZ#2496732",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496732"
            },
            {
              "url": "https://github.com/argoproj/argo-helm/commit/0f245ab"
            },
            {
              "url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8"
            },
            {
              "url": "https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html"
            },
            {
              "url": "https://www.synacktiv.com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint",
          "workarounds": [
            {
              "lang": "en",
              "value": "Limit network access to the Argo CD repo-server gRPC endpoint to trusted internal components using Kubernetes NetworkPolicy or equivalent network access controls. Do not expose the repo-server outside the cluster or to untrusted networks. Restrict access to the associated Redis service and update to a fixed version once one becomes available."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15416",
        "datePublished": "2026-07-14T08:56:29.942Z",
        "dateReserved": "2026-07-10T14:49:39.682Z",
        "dateUpdated": "2026-07-15T14:39:52.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-62185 (GCVE-0-2026-62185)

    Vulnerability from nvd – Published: 2026-07-13 21:31 – Updated: 2026-07-14 22:03 X_Open Source
    VLAI
    Title
    Argo CD Helm Chart < 10.0.0 Missing Network Policy RCE
    Summary
    Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Initialization of a Resource with an Insecure Default
    Assigner
    References
    Impacted products
    Vendor Product Version
    argoproj argo-helm Affected: 0 , < 10.0.0 (semver)
    Unaffected: 10.0.0 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 00:00
    Credits
    hugo-syn paulb-syn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-62185",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:48:50.419269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:48:58.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:github/argoproj/argo-helm",
              "product": "argo-helm",
              "repo": "https://github.com/argoproj/argo-helm",
              "vendor": "argoproj",
              "versions": [
                {
                  "lessThan": "10.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hugo-syn"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "paulb-syn"
            }
          ],
          "datePublic": "2026-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "Initialization of a Resource with an Insecure Default",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T22:03:46.962Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-47m3-95c7-g2g8)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8"
            },
            {
              "name": "VulnCheck Advisory: Argo CD Helm Chart \u003c 10.0.0 Missing Network Policy RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/argo-cd-helm-chart-missing-network-policy-rce"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Argo CD Helm Chart \u003c 10.0.0 Missing Network Policy RCE",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-62185",
        "datePublished": "2026-07-13T21:31:23.660Z",
        "dateReserved": "2026-07-13T16:36:32.095Z",
        "dateUpdated": "2026-07-14T22:03:46.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42297 (GCVE-0-2026-42297)

    Vulnerability from nvd – Published: 2026-05-09 03:42 – Updated: 2026-07-15 00:57
    VLAI
    Title
    Argo Workflows Is Missing Authorization in Sync ConfigMap Provider
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    • CWE-425 - Direct Request ('Forced Browsing')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42297",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T02:22:39.608385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T02:23:10.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T03:42:43.305Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. The Sync Service\u0027s ConfigMap-backed provider performs zero authorization checks on all create, read, update, and delete operations. This allows any authenticated user, including those using fake Bearer tokens, to manipulate Kubernetes ConfigMaps containing synchronization limits. Such unauthorized access can lead to denial of service or other unauthorized configuration changes within the Kubernetes environment."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-425",
                    "description": "Direct Request (\u0027Forced Browsing\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:41.809Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42297"
              },
              {
                "name": "RHBZ#2468448",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468448"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42297.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T05:01:33.105Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T03:42:43.305Z",
                "value": "Made public."
              }
            ],
            "title": "Argo Workflows: github.com/argoproj/argo-workflows: Argo Workflows: Unauthorized ConfigMap manipulation due to missing authorization",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service\u0027s ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user \u2014 including those using fake Bearer tokens \u2014 can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:42:43.305Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/09fff05e0830c14a5e36cc40597ad84881db1ab6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/09fff05e0830c14a5e36cc40597ad84881db1ab6"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-xchc-cqwg-g76q",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows Is Missing Authorization in Sync ConfigMap Provider"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42297",
        "datePublished": "2026-05-09T03:42:43.305Z",
        "dateReserved": "2026-04-26T12:13:55.552Z",
        "dateUpdated": "2026-07-15T00:57:41.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42296 (GCVE-0-2026-42296)

    Vulnerability from nvd – Published: 2026-05-09 03:52 – Updated: 2026-07-15 00:57
    VLAI
    Title
    Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo's Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: < 3.7.14
    Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42296",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:51:11.816105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:31:15.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T03:52:03.456Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. A user with create Workflow permission can bypass the `templateReferencing: Strict` security control. This bypass allows the user to gain host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable Service Account (SA) token mounting. This could lead to privilege escalation and unauthorized access within the Kubernetes cluster."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:44.228Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42296"
              },
              {
                "name": "RHBZ#2468446",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468446"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42296.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T05:01:27.119Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T03:52:03.456Z",
                "value": "Made public."
              }
            ],
            "title": "Argo Workflows: github.com/argoproj/argo-workflows: Argo Workflows: Privilege escalation via security control bypass",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade Argo Workflows to version 3.7.14 or later (3.x line) or 4.0.5+ (4.x line) in affected Red Hat OpenShift AI releases. Red Hat OpenShift AI engineering is expected to deliver updated Data Science Pipelines builds for affected streams (rhoai-2.25, rhoai-3.3, rhoai-3.4).\n\nAs a defense-in-depth measure, enforce PodSecurity admission or policy controls to block hostNetwork, privileged pods, and unauthorized service account use independently of Argo templateReferencing settings. Restrict Workflow create permissions to trusted principals."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.7.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo\u0027s Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:52:03.456Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/534f4ff1cbd86908e8ff76d97d553ad5a49a950d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/534f4ff1cbd86908e8ff76d97d553ad5a49a950d"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-3775-99mw-8rp4",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42296",
        "datePublished": "2026-05-09T03:52:03.456Z",
        "dateReserved": "2026-04-26T12:13:55.552Z",
        "dateUpdated": "2026-07-15T00:57:44.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42295 (GCVE-0-2026-42295)

    Vulnerability from nvd – Published: 2026-05-09 03:48 – Updated: 2026-05-11 14:47
    VLAI
    Title
    Argo Workflows: Exposure of artifact repository credentials
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42295",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:46:35.547968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:47:01.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:48:02.754Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-7vf8-2cr6-54mf",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Exposure of artifact repository credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42295",
        "datePublished": "2026-05-09T03:48:02.754Z",
        "dateReserved": "2026-04-26T12:13:55.552Z",
        "dateUpdated": "2026-05-11T14:47:01.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42294 (GCVE-0-2026-42294)

    Vulnerability from nvd – Published: 2026-05-09 03:45 – Updated: 2026-07-15 00:57
    VLAI
    Title
    Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint, which is publicly accessible (albeit intended for webhooks). An attacker can send a request with an extremely large body (e.g., multiple gigabytes), causing the Argo Server to allocate excessive memory, potentially leading to an Out-Of-Memory (OOM) crash and denial of service. This issue has been patched in versions 3.7.14 and 4.0.5.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: < 3.7.14
    Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42294",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:47:11.506111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T15:47:21.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T03:45:48.180Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. The Webhook Interceptor, accessible via the /api/v1/events/ endpoint, loads the entire request body into memory before authenticating the request or verifying its signature. A remote attacker can exploit this by sending an extremely large request, causing the Argo Server to allocate excessive memory. This can lead to an Out-Of-Memory (OOM) crash, resulting in a denial of service (DoS) for the affected system."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:46.447Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42294"
              },
              {
                "name": "RHBZ#2468443",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468443"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42294.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T05:01:16.989Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T03:45:48.180Z",
                "value": "Made public."
              }
            ],
            "title": "Argo Workflows: github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via large request body to Webhook Interceptor",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade Argo Workflows to version 3.7.14 or later (3.x line) or 4.0.5 or later (4.x line) in affected Red Hat OpenShift AI releases. Red Hat OpenShift AI engineering is expected to deliver updated Data Science Pipelines builds for affected streams (rhoai-2.25, rhoai-3.3, rhoai-3.4).\n\nUntil updated images are available, restrict network access to the Argo Server webhook endpoint (/api/v1/events/) using Ingress rules, firewall policies, or Kubernetes NetworkPolicy so only trusted webhook sources can reach it. Configure request body size limits at the Ingress or load balancer layer (for example, a maximum body size well below multi-gigabyte payloads) to reduce the risk of memory exhaustion from oversized requests."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.7.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint, which is publicly accessible (albeit intended for webhooks). An attacker can send a request with an extremely large body (e.g., multiple gigabytes), causing the Argo Server to allocate excessive memory, potentially leading to an Out-Of-Memory (OOM) crash and denial of service. This issue has been patched in versions 3.7.14 and 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:45:48.180Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/7abb4de6c3599e2d5d960ba4d5de4cf1df109965",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/7abb4de6c3599e2d5d960ba4d5de4cf1df109965"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-jcc8-g2q4-9fxq",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42294",
        "datePublished": "2026-05-09T03:45:48.180Z",
        "dateReserved": "2026-04-26T12:13:55.551Z",
        "dateUpdated": "2026-07-15T00:57:46.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42183 (GCVE-0-2026-42183)

    Vulnerability from nvd – Published: 2026-05-09 03:44 – Updated: 2026-05-13 17:46
    VLAI
    Title
    Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSO_DELEGATE_RBAC_TO_NAMESPACE=true. This issue has been patched in version 4.0.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42183",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:25:40.856061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:46:04.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSO_DELEGATE_RBAC_TO_NAMESPACE=true. This issue has been patched in version 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:44:10.712Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p4gq-3vxj-f4jq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p4gq-3vxj-f4jq"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/c4cc17d0c034fa9a9cc01ef1af6c8016c93071d4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/c4cc17d0c034fa9a9cc01ef1af6c8016c93071d4"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-p4gq-3vxj-f4jq",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42183",
        "datePublished": "2026-05-09T03:44:10.712Z",
        "dateReserved": "2026-04-25T01:53:21.582Z",
        "dateUpdated": "2026-05-13T17:46:04.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42880 (GCVE-0-2026-42880)

    Vulnerability from nvd – Published: 2026-05-07 22:20 – Updated: 2026-07-15 00:56
    VLAI
    Title
    ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
    Summary
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    argoproj argo-cd Affected: >= 3.2.0, < 3.2.11
    Affected: >= 3.3.0, < 3.3.9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.19 Unaffected: 1779211412 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.19::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1776942799 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1779285564 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1779285074 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1779284685 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42880",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T03:56:28.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.19::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
                "product": "Red Hat OpenShift GitOps 1.19",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779211412",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-rhel9",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776942799",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel9",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779285564",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779285074",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/gitops-rhel9-operator",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779284685",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "packageName": "odf4/odf-multicluster-rhel9-operator",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8-operator",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-07T22:20:39.506Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo CD, a GitOps continuous delivery tool for Kubernetes. A missing authorization and data-masking gap in the ServerSideDiff endpoint allows an attacker with read-only access to extract sensitive Kubernetes Secret data. This information disclosure occurs by leveraging the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism, potentially exposing critical configuration and credentials."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-201",
                    "description": "Insertion of Sensitive Information Into Sent Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:56:44.258Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42880"
              },
              {
                "name": "RHBZ#2467882",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467882"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42880.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20943"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20947"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2026:12433"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:20943: Red Hat OpenShift GitOps 1.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20947: Red Hat OpenShift GitOps 1.20"
              },
              {
                "lang": "en",
                "value": "RHBA-2026:12433: Red Hat OpenShift GitOps 1.20"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-07T23:00:58.796Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-07T22:20:39.506Z",
                "value": "Made public."
              }
            ],
            "title": "argoproj/argo-cd: Argo CD: Information disclosure of Kubernetes Secret data via Server-Side Apply dry-run mechanism",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-cd",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.2.0, \u003c 3.2.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.3.0, \u003c 3.3.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD\u0027s ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T22:20:39.506Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
            }
          ],
          "source": {
            "advisory": "GHSA-3v3m-wc6v-x4x3",
            "discovery": "UNKNOWN"
          },
          "title": "ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42880",
        "datePublished": "2026-05-07T22:20:39.506Z",
        "dateReserved": "2026-04-30T18:49:06.711Z",
        "dateUpdated": "2026-07-15T00:56:44.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43824 (GCVE-0-2026-43824)

    Vulnerability from nvd – Published: 2026-05-02 01:20 – Updated: 2026-07-15 00:55
    VLAI
    Summary
    In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    argoproj Argo CD Affected: 3.2.0 , < 3.2.11 (semver)
    Affected: 3.3.0 , < 3.3.9 (semver)
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43824",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T13:32:13.742342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T13:32:17.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "odf4/odf-multicluster-rhel9-operator",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8-operator",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/gitops-rhel9-operator",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-02T01:20:33.348Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo CD. The ServerSideDiff feature allows for the reading of cleartext Kubernetes Secret data. This vulnerability could lead to information disclosure, potentially exposing sensitive configuration details within the Kubernetes environment."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:55:34.280Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-43824"
              },
              {
                "name": "RHBZ#2464613",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464613"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43824.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-02T02:00:52.099Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-02T01:20:33.348Z",
                "value": "Made public."
              }
            ],
            "title": "github.com/argoproj/argo-cd/: Argo CD: Information disclosure via ServerSideDiff allows reading Kubernetes Secret data",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Argo CD",
              "vendor": "argoproj",
              "versions": [
                {
                  "lessThan": "3.2.11",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.3.9",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.11",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.3.9",
                      "versionStartIncluding": "3.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T01:42:18.517Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-43824",
        "datePublished": "2026-05-02T01:20:33.348Z",
        "dateReserved": "2026-05-02T01:20:32.951Z",
        "dateUpdated": "2026-07-15T00:55:34.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40886 (GCVE-0-2026-40886)

    Vulnerability from nvd – Published: 2026-04-23 18:12 – Updated: 2026-07-15 01:00
    VLAI
    Title
    Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller's recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    • CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.5
    Affected: >= 3.7.0, < 3.7.14
    Affected: >= 3.6.5, <= 3.6.19
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40886",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-25T01:22:21.094335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-25T01:22:45.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-23T18:12:05.782Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows, an open-source system for managing tasks in Kubernetes. An attacker with appropriate permissions can trigger a system-wide crash by submitting a specially crafted workflow pod with a malformed annotation. This vulnerability leads to a persistent Denial of Service (DoS), preventing all workflow processing until manual intervention removes the poisoned pod."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1285",
                    "description": "Improper Validation of Specified Index, Position, or Offset in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:00:32.466Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-40886"
              },
              {
                "name": "RHBZ#2461236",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461236"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40886.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-23T19:01:28.433Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-23T18:12:05.782Z",
                "value": "Made public."
              }
            ],
            "title": "github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via malformed workflow pod annotation",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.7.0, \u003c 3.7.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.6.5, \u003c= 3.6.19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer\u0027s podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller\u0027s recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T18:12:05.782Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p"
            }
          ],
          "source": {
            "advisory": "GHSA-5jv8-h7qh-rf5p",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-40886",
        "datePublished": "2026-04-23T18:12:05.782Z",
        "dateReserved": "2026-04-15T15:57:41.719Z",
        "dateUpdated": "2026-07-15T01:00:32.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-31892 (GCVE-0-2026-31892)

    Vulnerability from nvd – Published: 2026-03-11 15:41 – Updated: 2026-07-15 01:08
    VLAI
    Title
    WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    • CWE-807 - Reliance on Untrusted Inputs in a Security Decision
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.2
    Affected: >= 2.9.0, < 3.7.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740558 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740640 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740726 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740379 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740386 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740351 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740366 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31892",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T16:03:11.725974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T16:03:52.643Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740558",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740640",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740726",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740379",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740386",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740351",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740366",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-11T15:41:14.376Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. A user with privileges to submit workflows can bypass security settings defined in a WorkflowTemplate by including a `podSpecPatch` field in their workflow submission. This allows them to circumvent restrictions, even when `templateReferencing: Strict` is configured, potentially leading to unauthorized resource access or privilege escalation."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.9,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-807",
                    "description": "Reliance on Untrusted Inputs in a Security Decision",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:08:46.120Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31892"
              },
              {
                "name": "RHBZ#2446551",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446551"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31892.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10184"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-11T16:01:11.139Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-11T15:41:14.376Z",
                "value": "Made public."
              }
            ],
            "title": "github.com/argoproj/argo-workflows: Argo Workflows: Security bypass allows privilege escalation via podSpecPatch field",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.9.0, \u003c 3.7.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T15:41:14.376Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-rcrr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-rcrr"
            }
          ],
          "source": {
            "advisory": "GHSA-3wf5-g532-rcrr",
            "discovery": "UNKNOWN"
          },
          "title": "WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-31892",
        "datePublished": "2026-03-11T15:41:14.376Z",
        "dateReserved": "2026-03-09T21:59:02.687Z",
        "dateUpdated": "2026-07-15T01:08:46.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28229 (GCVE-0-2026-28229)

    Vulnerability from nvd – Published: 2026-03-11 15:37 – Updated: 2026-07-15 01:11
    VLAI
    Title
    Argo Workflows has unauthorized access to Argo Workflows Template
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.2
    Affected: < 3.7.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740558 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740640 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740726 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740379 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740386 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740351 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740366 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28229",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T17:32:34.148157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T17:33:15.219Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740558",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740640",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740726",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740379",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740386",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740351",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740366",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-11T15:37:47.338Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows in which an attacker can leak sensitive information contained in Workflow Templates and Cluster Workflow Templates. Because the functions that retrieve template information use server permissions, no authorization is required to read templates which might contain secrets such as passwords, API keys, or other sensitive data."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:11:58.807Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-28229"
              },
              {
                "name": "RHBZ#2446549",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446549"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28229.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10184"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-11T16:01:02.960Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-11T15:37:47.338Z",
                "value": "Made public."
              }
            ],
            "title": "argo-workflows: Argo Workflows has unauthorized access to Argo Workflows Template",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 3.7.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T15:37:47.338Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-56px-hm34-xqj5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-56px-hm34-xqj5"
            }
          ],
          "source": {
            "advisory": "GHSA-56px-hm34-xqj5",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows has unauthorized access to Argo Workflows Template"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-28229",
        "datePublished": "2026-03-11T15:37:47.338Z",
        "dateReserved": "2026-02-25T15:28:40.651Z",
        "dateUpdated": "2026-07-15T01:11:58.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54526 (GCVE-0-2026-54526)

    Vulnerability from cvelistv5 – Published: 2026-07-16 19:07 – Updated: 2026-07-16 19:07
    VLAI
    Title
    Argo Workflows: Incomplete fix for CVE-2026-31892: ArtifactGC.PodSpecPatch bypass of Strict/Secure templateReferencing
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because workflow/util/merge.go ValidateUserOverrides and SanitizeUserWorkflowSpec walk only the top-level fields of WorkflowSpec via reflection, and WorkflowSpec.ArtifactGC is allow-listed wholesale; the struct behind that field, WorkflowLevelArtifactGC, has a PodSpecPatch sub-field whose contents flow unmodified into util.ApplyPodSpecPatch on the artifact-GC pod, the same sink the original fix closed for WorkflowSpec.PodSpecPatch, so a user submitting a Workflow under templateReferencing: Strict or Secure (against a referenced WorkflowTemplate that declares an output artifact and setting spec.artifactGC.strategy: OnWorkflowCompletion) can still inject an arbitrary strategic merge patch into the artifact-GC pod, including hostPath volumes, privileged: true, arbitrary image and command, and hostNetwork: true, defeating the stated purpose of Strict/Secure reference mode. This issue is fixed in versions 3.7.15 and 4.0.6.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: < 3.7.15
    Affected: >= 4.0.0, < 4.0.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.7.15"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because workflow/util/merge.go ValidateUserOverrides and SanitizeUserWorkflowSpec walk only the top-level fields of WorkflowSpec via reflection, and WorkflowSpec.ArtifactGC is allow-listed wholesale; the struct behind that field, WorkflowLevelArtifactGC, has a PodSpecPatch sub-field whose contents flow unmodified into util.ApplyPodSpecPatch on the artifact-GC pod, the same sink the original fix closed for WorkflowSpec.PodSpecPatch, so a user submitting a Workflow under templateReferencing: Strict or Secure (against a referenced WorkflowTemplate that declares an output artifact and setting spec.artifactGC.strategy: OnWorkflowCompletion) can still inject an arbitrary strategic merge patch into the artifact-GC pod, including hostPath volumes, privileged: true, arbitrary image and command, and hostNetwork: true, defeating the stated purpose of Strict/Secure reference mode. This issue is fixed in versions 3.7.15 and 4.0.6."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T19:07:30.804Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-48p8-g2fx-3wwm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-48p8-g2fx-3wwm"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/277e9cef0ad16d7eaaab253573d0695951a65dbd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/277e9cef0ad16d7eaaab253573d0695951a65dbd"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/358cc3968c8f06f1be0967e41df191088db0b662",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/358cc3968c8f06f1be0967e41df191088db0b662"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.15",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.15"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.6"
            }
          ],
          "source": {
            "advisory": "GHSA-48p8-g2fx-3wwm",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Incomplete fix for CVE-2026-31892: ArtifactGC.PodSpecPatch bypass of Strict/Secure templateReferencing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54526",
        "datePublished": "2026-07-16T19:07:30.804Z",
        "dateReserved": "2026-06-15T18:40:01.651Z",
        "dateUpdated": "2026-07-16T19:07:30.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45737 (GCVE-0-2026-45737)

    Vulnerability from cvelistv5 – Published: 2026-07-15 20:00 – Updated: 2026-07-16 19:14
    VLAI
    Title
    Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
    Summary
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretData(target, live, ...) does not fully sanitize ResourceDiff.TargetState and LiveState predicted live Secret objects, allowing sensitive data, stringData, and annotations to appear in UI or CLI diffs. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-cd Affected: >= 3.2.0, < 3.2.12
    Affected: >= 3.3.9, < 3.3.10
    Affected: >= 3.4.1, < 3.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45737",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T19:14:28.622751Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T19:14:44.711Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-cd",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.2.0, \u003c 3.2.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.3.9, \u003c 3.3.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.4.1, \u003c 3.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretData(target, live, ...) does not fully sanitize ResourceDiff.TargetState and LiveState predicted live Secret objects, allowing sensitive data, stringData, and annotations to appear in UI or CLI diffs. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T20:00:46.998Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/7879e6322465080a82d152bf00f2b92e0f36c658",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/7879e6322465080a82d152bf00f2b92e0f36c658"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/87e9148320749693624d08e3d6fa2cc217c672a0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/87e9148320749693624d08e3d6fa2cc217c672a0"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/ac11bec9986807adc8886ef1181eced7347ef5c6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/ac11bec9986807adc8886ef1181eced7347ef5c6"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/bcb4298afc9fcff5f5d69f4e1db2d0a75983f42c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/bcb4298afc9fcff5f5d69f4e1db2d0a75983f42c"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2"
            }
          ],
          "source": {
            "advisory": "GHSA-rg3g-4rw9-gqrp",
            "discovery": "UNKNOWN"
          },
          "title": "Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45737",
        "datePublished": "2026-07-15T20:00:46.998Z",
        "dateReserved": "2026-05-13T06:54:34.219Z",
        "dateUpdated": "2026-07-16T19:14:44.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45738 (GCVE-0-2026-45738)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:54 – Updated: 2026-07-16 15:12
    VLAI
    Title
    Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation
    Summary
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/* annotations whose pipe-separated values are rendered by ui/src/app/applications/components/application-summary/application-summary.tsx in the Summary tab URLs section as anchor href values without URL validation, allowing javascript: execution in a higher-privileged user's authenticated Argo CD origin session. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-cd Affected: < 3.2.12
    Affected: >= 3.3.0, < 3.3.10
    Affected: >= 3.4.0-rc1, < 3.4.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45738",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:51:03.406825Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:12:45.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h98r-wv3h-fr38"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-cd",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.2.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.3.0, \u003c 3.3.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.4.0-rc1, \u003c 3.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/* annotations whose pipe-separated values are rendered by ui/src/app/applications/components/application-summary/application-summary.tsx in the Summary tab URLs section as anchor href values without URL validation, allowing javascript: execution in a higher-privileged user\u0027s authenticated Argo CD origin session. This issue is fixed in versions 3.2.12, 3.3.10, and 3.4.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:54:51.634Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h98r-wv3h-fr38",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-h98r-wv3h-fr38"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/00f83c41dcfd879f34f8e0248c860d704b41cf0f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/00f83c41dcfd879f34f8e0248c860d704b41cf0f"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/35ea43c537d6e8948e67f347317fc4f88b325122",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/35ea43c537d6e8948e67f347317fc4f88b325122"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/commit/c8df5ff7acc403adcee1256da5d87081cd52f0a6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/commit/c8df5ff7acc403adcee1256da5d87081cd52f0a6"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.2.12"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.3.10"
            },
            {
              "name": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-cd/releases/tag/v3.4.2"
            }
          ],
          "source": {
            "advisory": "GHSA-h98r-wv3h-fr38",
            "discovery": "UNKNOWN"
          },
          "title": "Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45738",
        "datePublished": "2026-07-15T19:54:51.634Z",
        "dateReserved": "2026-05-13T06:54:34.219Z",
        "dateUpdated": "2026-07-16T15:12:45.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15416 (GCVE-0-2026-15416)

    Vulnerability from cvelistv5 – Published: 2026-07-14 08:56 – Updated: 2026-07-15 14:39
    VLAI
    Title
    Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint
    Summary
    A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-helm Affected: 0 , < 10.0.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Date Public
    2026-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:39:38.453802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:39:52.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/argoproj/argo-helm",
              "defaultStatus": "unaffected",
              "packageName": "argo-helm",
              "product": "argo-helm",
              "vendor": "argoproj",
              "versions": [
                {
                  "lessThan": "10.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_data_foundation:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "odf4/odf-multicluster-rhel9-operator",
              "product": "Red Hat Openshift Data Foundation 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "openshift-gitops-1/argocd-agent-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/argocd-agent-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/argocd-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unknown",
              "packageName": "openshift-gitops-1/argocd-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-operator-bundle",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-rhel8",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "affected",
              "packageName": "openshift-gitops-1/gitops-rhel8-operator",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/gitops-rhel9",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_gitops:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openshift-gitops-1/gitops-rhel9-operator",
              "product": "Red Hat OpenShift GitOps",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2026-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy malicious Kubernetes resources to managed clusters, potentially resulting in complete cluster compromise."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T13:46:03.711Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-15416"
            },
            {
              "name": "RHBZ#2496732",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496732"
            },
            {
              "url": "https://github.com/argoproj/argo-helm/commit/0f245ab"
            },
            {
              "url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8"
            },
            {
              "url": "https://thehackernews.com/2026/07/unpatched-argo-cd-repo-server-flaw.html"
            },
            {
              "url": "https://www.synacktiv.com/en/publications/caught-in-the-octopus-trap-unauthenticated-rce-in-argo-cd-with-codeql"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-03T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-07-01T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint",
          "workarounds": [
            {
              "lang": "en",
              "value": "Limit network access to the Argo CD repo-server gRPC endpoint to trusted internal components using Kubernetes NetworkPolicy or equivalent network access controls. Do not expose the repo-server outside the cluster or to untrusted networks. Restrict access to the associated Redis service and update to a fixed version once one becomes available."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-306: Missing Authentication for Critical Function"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-15416",
        "datePublished": "2026-07-14T08:56:29.942Z",
        "dateReserved": "2026-07-10T14:49:39.682Z",
        "dateUpdated": "2026-07-15T14:39:52.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-62185 (GCVE-0-2026-62185)

    Vulnerability from cvelistv5 – Published: 2026-07-13 21:31 – Updated: 2026-07-14 22:03 X_Open Source
    VLAI
    Title
    Argo CD Helm Chart < 10.0.0 Missing Network Policy RCE
    Summary
    Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Initialization of a Resource with an Insecure Default
    Assigner
    References
    Impacted products
    Vendor Product Version
    argoproj argo-helm Affected: 0 , < 10.0.0 (semver)
    Unaffected: 10.0.0 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 00:00
    Credits
    hugo-syn paulb-syn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-62185",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:48:50.419269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:48:58.982Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:github/argoproj/argo-helm",
              "product": "argo-helm",
              "repo": "https://github.com/argoproj/argo-helm",
              "vendor": "argoproj",
              "versions": [
                {
                  "lessThan": "10.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "hugo-syn"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "paulb-syn"
            }
          ],
          "datePublic": "2026-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "Initialization of a Resource with an Insecure Default",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T22:03:46.962Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "GitHub Security Advisory (GHSA-47m3-95c7-g2g8)",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8"
            },
            {
              "name": "VulnCheck Advisory: Argo CD Helm Chart \u003c 10.0.0 Missing Network Policy RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/argo-cd-helm-chart-missing-network-policy-rce"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "title": "Argo CD Helm Chart \u003c 10.0.0 Missing Network Policy RCE",
          "x_generator": {
            "engine": "vulncheck-endgame"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-62185",
        "datePublished": "2026-07-13T21:31:23.660Z",
        "dateReserved": "2026-07-13T16:36:32.095Z",
        "dateUpdated": "2026-07-14T22:03:46.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42296 (GCVE-0-2026-42296)

    Vulnerability from cvelistv5 – Published: 2026-05-09 03:52 – Updated: 2026-07-15 00:57
    VLAI
    Title
    Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo's Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: < 3.7.14
    Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42296",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:51:11.816105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:31:15.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T03:52:03.456Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. A user with create Workflow permission can bypass the `templateReferencing: Strict` security control. This bypass allows the user to gain host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable Service Account (SA) token mounting. This could lead to privilege escalation and unauthorized access within the Kubernetes cluster."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:44.228Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42296"
              },
              {
                "name": "RHBZ#2468446",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468446"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42296.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T05:01:27.119Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T03:52:03.456Z",
                "value": "Made public."
              }
            ],
            "title": "Argo Workflows: github.com/argoproj/argo-workflows: Argo Workflows: Privilege escalation via security control bypass",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade Argo Workflows to version 3.7.14 or later (3.x line) or 4.0.5+ (4.x line) in affected Red Hat OpenShift AI releases. Red Hat OpenShift AI engineering is expected to deliver updated Data Science Pipelines builds for affected streams (rhoai-2.25, rhoai-3.3, rhoai-3.4).\n\nAs a defense-in-depth measure, enforce PodSecurity admission or policy controls to block hostNetwork, privileged pods, and unauthorized service account use independently of Argo templateReferencing settings. Restrict Workflow create permissions to trusted principals."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.7.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo\u0027s Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:52:03.456Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/534f4ff1cbd86908e8ff76d97d553ad5a49a950d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/534f4ff1cbd86908e8ff76d97d553ad5a49a950d"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-3775-99mw-8rp4",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42296",
        "datePublished": "2026-05-09T03:52:03.456Z",
        "dateReserved": "2026-04-26T12:13:55.552Z",
        "dateUpdated": "2026-07-15T00:57:44.228Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42295 (GCVE-0-2026-42295)

    Vulnerability from cvelistv5 – Published: 2026-05-09 03:48 – Updated: 2026-05-11 14:47
    VLAI
    Title
    Argo Workflows: Exposure of artifact repository credentials
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42295",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:46:35.547968Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:47:01.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:48:02.754Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-7vf8-2cr6-54mf",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Exposure of artifact repository credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42295",
        "datePublished": "2026-05-09T03:48:02.754Z",
        "dateReserved": "2026-04-26T12:13:55.552Z",
        "dateUpdated": "2026-05-11T14:47:01.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42294 (GCVE-0-2026-42294)

    Vulnerability from cvelistv5 – Published: 2026-05-09 03:45 – Updated: 2026-07-15 00:57
    VLAI
    Title
    Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint, which is publicly accessible (albeit intended for webhooks). An attacker can send a request with an extremely large body (e.g., multiple gigabytes), causing the Argo Server to allocate excessive memory, potentially leading to an Out-Of-Memory (OOM) crash and denial of service. This issue has been patched in versions 3.7.14 and 4.0.5.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: < 3.7.14
    Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42294",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:47:11.506111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T15:47:21.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T03:45:48.180Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. The Webhook Interceptor, accessible via the /api/v1/events/ endpoint, loads the entire request body into memory before authenticating the request or verifying its signature. A remote attacker can exploit this by sending an extremely large request, causing the Argo Server to allocate excessive memory. This can lead to an Out-Of-Memory (OOM) crash, resulting in a denial of service (DoS) for the affected system."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:46.447Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42294"
              },
              {
                "name": "RHBZ#2468443",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468443"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42294.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T05:01:16.989Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T03:45:48.180Z",
                "value": "Made public."
              }
            ],
            "title": "Argo Workflows: github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via large request body to Webhook Interceptor",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade Argo Workflows to version 3.7.14 or later (3.x line) or 4.0.5 or later (4.x line) in affected Red Hat OpenShift AI releases. Red Hat OpenShift AI engineering is expected to deliver updated Data Science Pipelines builds for affected streams (rhoai-2.25, rhoai-3.3, rhoai-3.4).\n\nUntil updated images are available, restrict network access to the Argo Server webhook endpoint (/api/v1/events/) using Ingress rules, firewall policies, or Kubernetes NetworkPolicy so only trusted webhook sources can reach it. Configure request body size limits at the Ingress or load balancer layer (for example, a maximum body size well below multi-gigabyte payloads) to reduce the risk of memory exhaustion from oversized requests."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.7.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint, which is publicly accessible (albeit intended for webhooks). An attacker can send a request with an extremely large body (e.g., multiple gigabytes), causing the Argo Server to allocate excessive memory, potentially leading to an Out-Of-Memory (OOM) crash and denial of service. This issue has been patched in versions 3.7.14 and 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:45:48.180Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/7abb4de6c3599e2d5d960ba4d5de4cf1df109965",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/7abb4de6c3599e2d5d960ba4d5de4cf1df109965"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-jcc8-g2q4-9fxq",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42294",
        "datePublished": "2026-05-09T03:45:48.180Z",
        "dateReserved": "2026-04-26T12:13:55.551Z",
        "dateUpdated": "2026-07-15T00:57:46.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42183 (GCVE-0-2026-42183)

    Vulnerability from cvelistv5 – Published: 2026-05-09 03:44 – Updated: 2026-05-13 17:46
    VLAI
    Title
    Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSO_DELEGATE_RBAC_TO_NAMESPACE=true. This issue has been patched in version 4.0.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42183",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T17:25:40.856061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T17:46:04.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSO_DELEGATE_RBAC_TO_NAMESPACE=true. This issue has been patched in version 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:44:10.712Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p4gq-3vxj-f4jq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p4gq-3vxj-f4jq"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/c4cc17d0c034fa9a9cc01ef1af6c8016c93071d4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/c4cc17d0c034fa9a9cc01ef1af6c8016c93071d4"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-p4gq-3vxj-f4jq",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42183",
        "datePublished": "2026-05-09T03:44:10.712Z",
        "dateReserved": "2026-04-25T01:53:21.582Z",
        "dateUpdated": "2026-05-13T17:46:04.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42297 (GCVE-0-2026-42297)

    Vulnerability from cvelistv5 – Published: 2026-05-09 03:42 – Updated: 2026-07-15 00:57
    VLAI
    Title
    Argo Workflows Is Missing Authorization in Sync ConfigMap Provider
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    • CWE-425 - Direct Request ('Forced Browsing')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42297",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T02:22:39.608385Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T02:23:10.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T03:42:43.305Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. The Sync Service\u0027s ConfigMap-backed provider performs zero authorization checks on all create, read, update, and delete operations. This allows any authenticated user, including those using fake Bearer tokens, to manipulate Kubernetes ConfigMaps containing synchronization limits. Such unauthorized access can lead to denial of service or other unauthorized configuration changes within the Kubernetes environment."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-425",
                    "description": "Direct Request (\u0027Forced Browsing\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:41.809Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42297"
              },
              {
                "name": "RHBZ#2468448",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468448"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42297.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T05:01:33.105Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T03:42:43.305Z",
                "value": "Made public."
              }
            ],
            "title": "Argo Workflows: github.com/argoproj/argo-workflows: Argo Workflows: Unauthorized ConfigMap manipulation due to missing authorization",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service\u0027s ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user \u2014 including those using fake Bearer tokens \u2014 can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T03:42:43.305Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/commit/09fff05e0830c14a5e36cc40597ad84881db1ab6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/commit/09fff05e0830c14a5e36cc40597ad84881db1ab6"
            },
            {
              "name": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5"
            }
          ],
          "source": {
            "advisory": "GHSA-xchc-cqwg-g76q",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows Is Missing Authorization in Sync ConfigMap Provider"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42297",
        "datePublished": "2026-05-09T03:42:43.305Z",
        "dateReserved": "2026-04-26T12:13:55.552Z",
        "dateUpdated": "2026-07-15T00:57:41.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42880 (GCVE-0-2026-42880)

    Vulnerability from cvelistv5 – Published: 2026-05-07 22:20 – Updated: 2026-07-15 00:56
    VLAI
    Title
    ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
    Summary
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    argoproj argo-cd Affected: >= 3.2.0, < 3.2.11
    Affected: >= 3.3.0, < 3.3.9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.19 Unaffected: 1779211412 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.19::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1776942799 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1779285564 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1779285074 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20 Unaffected: 1779284685 , < * (rpm)
        cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42880",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T03:56:28.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.19::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
                "product": "Red Hat OpenShift GitOps 1.19",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779211412",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-rhel9",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776942799",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel9",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779285564",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779285074",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/gitops-rhel9-operator",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1779284685",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "packageName": "odf4/odf-multicluster-rhel9-operator",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8-operator",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-07T22:20:39.506Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo CD, a GitOps continuous delivery tool for Kubernetes. A missing authorization and data-masking gap in the ServerSideDiff endpoint allows an attacker with read-only access to extract sensitive Kubernetes Secret data. This information disclosure occurs by leveraging the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism, potentially exposing critical configuration and credentials."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-201",
                    "description": "Insertion of Sensitive Information Into Sent Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:56:44.258Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42880"
              },
              {
                "name": "RHBZ#2467882",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467882"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42880.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20943"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20947"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2026:12433"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:20943: Red Hat OpenShift GitOps 1.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20947: Red Hat OpenShift GitOps 1.20"
              },
              {
                "lang": "en",
                "value": "RHBA-2026:12433: Red Hat OpenShift GitOps 1.20"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-07T23:00:58.796Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-07T22:20:39.506Z",
                "value": "Made public."
              }
            ],
            "title": "argoproj/argo-cd: Argo CD: Information disclosure of Kubernetes Secret data via Server-Side Apply dry-run mechanism",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-cd",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.2.0, \u003c 3.2.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.3.0, \u003c 3.3.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD\u0027s ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server\u0027s Server-Side Apply dry-run mechanism. This issue has been patched in versions 3.2.11 and 3.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T22:20:39.506Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
            }
          ],
          "source": {
            "advisory": "GHSA-3v3m-wc6v-x4x3",
            "discovery": "UNKNOWN"
          },
          "title": "ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42880",
        "datePublished": "2026-05-07T22:20:39.506Z",
        "dateReserved": "2026-04-30T18:49:06.711Z",
        "dateUpdated": "2026-07-15T00:56:44.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43824 (GCVE-0-2026-43824)

    Vulnerability from cvelistv5 – Published: 2026-05-02 01:20 – Updated: 2026-07-15 00:55
    VLAI
    Summary
    In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    argoproj Argo CD Affected: 3.2.0 , < 3.2.11 (semver)
    Affected: 3.3.0 , < 3.3.9 (semver)
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43824",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T13:32:13.742342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T13:32:17.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "odf4/odf-multicluster-rhel9-operator",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-agent-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-image-updater-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/argocd-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel8-operator",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "openshift-gitops-1/gitops-rhel9",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-gitops-1/gitops-rhel9-operator",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-02T01:20:33.348Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo CD. The ServerSideDiff feature allows for the reading of cleartext Kubernetes Secret data. This vulnerability could lead to information disclosure, potentially exposing sensitive configuration details within the Kubernetes environment."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:55:34.280Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-43824"
              },
              {
                "name": "RHBZ#2464613",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464613"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43824.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-02T02:00:52.099Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-02T01:20:33.348Z",
                "value": "Made public."
              }
            ],
            "title": "github.com/argoproj/argo-cd/: Argo CD: Information disclosure via ServerSideDiff allows reading Kubernetes Secret data",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Argo CD",
              "vendor": "argoproj",
              "versions": [
                {
                  "lessThan": "3.2.11",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.3.9",
                  "status": "affected",
                  "version": "3.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.11",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.3.9",
                      "versionStartIncluding": "3.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-02T01:42:18.517Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-43824",
        "datePublished": "2026-05-02T01:20:33.348Z",
        "dateReserved": "2026-05-02T01:20:32.951Z",
        "dateUpdated": "2026-07-15T00:55:34.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40886 (GCVE-0-2026-40886)

    Vulnerability from cvelistv5 – Published: 2026-04-23 18:12 – Updated: 2026-07-15 01:00
    VLAI
    Title
    Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller's recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    • CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.5
    Affected: >= 3.7.0, < 3.7.14
    Affected: >= 3.6.5, <= 3.6.19
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40886",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-25T01:22:21.094335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-25T01:22:45.497Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-23T18:12:05.782Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows, an open-source system for managing tasks in Kubernetes. An attacker with appropriate permissions can trigger a system-wide crash by submitting a specially crafted workflow pod with a malformed annotation. This vulnerability leads to a persistent Denial of Service (DoS), preventing all workflow processing until manual intervention removes the poisoned pod."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1285",
                    "description": "Improper Validation of Specified Index, Position, or Offset in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:00:32.466Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-40886"
              },
              {
                "name": "RHBZ#2461236",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461236"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40886.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-23T19:01:28.433Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-23T18:12:05.782Z",
                "value": "Made public."
              }
            ],
            "title": "github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via malformed workflow pod annotation",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.7.0, \u003c 3.7.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.6.5, \u003c= 3.6.19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer\u0027s podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller\u0027s recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted. This vulnerability is fixed in 4.0.5 and 3.7.14."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-23T18:12:05.782Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p"
            }
          ],
          "source": {
            "advisory": "GHSA-5jv8-h7qh-rf5p",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-40886",
        "datePublished": "2026-04-23T18:12:05.782Z",
        "dateReserved": "2026-04-15T15:57:41.719Z",
        "dateUpdated": "2026-07-15T01:00:32.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-31892 (GCVE-0-2026-31892)

    Vulnerability from cvelistv5 – Published: 2026-03-11 15:41 – Updated: 2026-07-15 01:08
    VLAI
    Title
    WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    • CWE-807 - Reliance on Untrusted Inputs in a Security Decision
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.2
    Affected: >= 2.9.0, < 3.7.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740558 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740640 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740726 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740379 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740386 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740351 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740366 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31892",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T16:03:11.725974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T16:03:52.643Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740558",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740640",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740726",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740379",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740386",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740351",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740366",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-11T15:41:14.376Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows. A user with privileges to submit workflows can bypass security settings defined in a WorkflowTemplate by including a `podSpecPatch` field in their workflow submission. This allows them to circumvent restrictions, even when `templateReferencing: Strict` is configured, potentially leading to unauthorized resource access or privilege escalation."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.9,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-807",
                    "description": "Reliance on Untrusted Inputs in a Security Decision",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:08:46.120Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31892"
              },
              {
                "name": "RHBZ#2446551",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446551"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31892.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10184"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-11T16:01:11.139Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-11T15:41:14.376Z",
                "value": "Made public."
              }
            ],
            "title": "github.com/argoproj/argo-workflows: Argo Workflows: Security bypass allows privilege escalation via podSpecPatch field",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.9.0, \u003c 3.7.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T15:41:14.376Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-rcrr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-rcrr"
            }
          ],
          "source": {
            "advisory": "GHSA-3wf5-g532-rcrr",
            "discovery": "UNKNOWN"
          },
          "title": "WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-31892",
        "datePublished": "2026-03-11T15:41:14.376Z",
        "dateReserved": "2026-03-09T21:59:02.687Z",
        "dateUpdated": "2026-07-15T01:08:46.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-28229 (GCVE-0-2026-28229)

    Vulnerability from cvelistv5 – Published: 2026-03-11 15:37 – Updated: 2026-07-15 01:11
    VLAI
    Title
    Argo Workflows has unauthorized access to Argo Workflows Template
    Summary
    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    argoproj argo-workflows Affected: >= 4.0.0, < 4.0.2
    Affected: < 3.7.11
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740558 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740640 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740726 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740379 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740386 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740351 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI 2.25 Unaffected: 1776740366 , < * (rpm)
        cpe:/a:redhat:openshift_ai:2.25::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-28229",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T17:32:34.148157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T17:33:15.219Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740558",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740640",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740726",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740379",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740386",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740351",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1776740366",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-api-server-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-driver-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-launcher-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-11T15:37:47.338Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Argo Workflows in which an attacker can leak sensitive information contained in Workflow Templates and Cluster Workflow Templates. Because the functions that retrieve template information use server permissions, no authorization is required to read templates which might contain secrets such as passwords, API keys, or other sensitive data."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T01:11:58.807Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-28229"
              },
              {
                "name": "RHBZ#2446549",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446549"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-28229.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10184"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-11T16:01:02.960Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-11T15:37:47.338Z",
                "value": "Made public."
              }
            ],
            "title": "argo-workflows: Argo Workflows has unauthorized access to Argo Workflows Template",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "argo-workflows",
              "vendor": "argoproj",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.0.0, \u003c 4.0.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 3.7.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-11T15:37:47.338Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-56px-hm34-xqj5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-56px-hm34-xqj5"
            }
          ],
          "source": {
            "advisory": "GHSA-56px-hm34-xqj5",
            "discovery": "UNKNOWN"
          },
          "title": "Argo Workflows has unauthorized access to Argo Workflows Template"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-28229",
        "datePublished": "2026-03-11T15:37:47.338Z",
        "dateReserved": "2026-02-25T15:28:40.651Z",
        "dateUpdated": "2026-07-15T01:11:58.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }