{"vulnerability": "cve-2026-4229", "sightings": [{"uuid": "9532d055-3d7a-475e-9e00-c34ac781c04a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42295", "type": "published-proof-of-concept", "source": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf", "content": "", "creation_timestamp": "2026-04-23T08:17:49.000000Z"}, {"uuid": "dbf54f76-9f2f-4168-b475-b469a067e68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42298", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleuu5h24l2e", "content": "\ud83d\udd34 CVE-2026-42298 - Critical (10)\n\nPostiz is an AI social media scheduling tool. Prior to commit da44801, a \"Pwn Request\" vulnerabil...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42298/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T23:24:54.093009Z"}, {"uuid": "e7081d68-007a-479e-9800-ae41263235c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42298", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlf2wfsfch2p", "content": "CVE-2026-42298 - Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev\nCVE ID : CVE-2026-42298\n \n Published : May 8, 2026, 11:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Postiz is an AI social media scheduling tool. Pr...", "creation_timestamp": "2026-05-09T01:13:31.914252Z"}, {"uuid": "eed0238f-d852-424f-a744-3065fcd3b3cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42298", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlfavp7yjp2g", "content": "CRITICAL: gitroomhq postiz-app (< da44801) lets attackers run code & steal GITHUB_TOKEN via PRs. Patch to commit da44801 now to stay secure! https://radar.offseq.com/threat/cve-2026-42298-cwe-94-improper-control-of-generati-f33886f6 #OffSeq #CVE202642298 #DevSecOps", "creation_timestamp": "2026-05-09T03:00:31.240331Z"}, {"uuid": "80625606-0433-4655-8a83-43121525f675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42298", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116542382305810919", "content": "\ud83d\udd34 CRITICAL: gitroomhq postiz-app (< da44801) code injection (CVE-2026-42298, CVSS 10). PRs with malicious Dockerfiles can steal privileged GITHUB_TOKEN. Patch to commit da44801 now! https://radar.offseq.com/threat/cve-2026-42298-cwe-94-improper-control-of-generati-f33886f6 #OffSeq #CVE202642298 #GitHub #Security", "creation_timestamp": "2026-05-09T03:00:45.764968Z"}, {"uuid": "a5103597-1f91-4a48-a6aa-b790d3685b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42295", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlfh2xgpod2e", "content": "CVE-2026-42295 - Argo Workflows: Exposure of artifact repository credentials\nCVE ID : CVE-2026-42295\n \n Published : May 9, 2026, 3:48 a.m. | 38\u00a0minutes ago\n \n Description : Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kub...", "creation_timestamp": "2026-05-09T04:50:49.598909Z"}, {"uuid": "0e9f88ec-bdce-496d-82e9-9220256f1db1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42296", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlfhcf56ni2p", "content": "CVE-2026-42296 - Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure\nCVE ID : CVE-2026-42296\n \n Published : May 9, 2026, 3:52 a.m. | 34\u00a0minutes ago\n \n Description : Argo Workflows is an...", "creation_timestamp": "2026-05-09T04:54:58.800056Z"}, {"uuid": "76e80728-7af5-468d-baa5-36fab3795538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42294", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlfhkyvosz2q", "content": "CVE-2026-42294 - Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor\nCVE ID : CVE-2026-42294\n \n Published : May 9, 2026, 3:45 a.m. | 40\u00a0minutes ago\n \n Description : Argo Workflows is an open source container-native workflow engine for orchestrating p...", "creation_timestamp": "2026-05-09T04:59:47.919922Z"}, {"uuid": "e7e5c3ff-1b2b-4fc2-8980-25be7d7759a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42297", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlfjekms5m2i", "content": "CVE-2026-42297 - Argo Workflows Is Missing Authorization in Sync ConfigMap Provider\nCVE ID : CVE-2026-42297\n \n Published : May 9, 2026, 3:42 a.m. | 43\u00a0minutes ago\n \n Description : Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs...", "creation_timestamp": "2026-05-09T05:31:59.016160Z"}, {"uuid": "5492254f-8709-42d0-8fff-940cc426abdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42297", "type": "published-proof-of-concept", "source": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q", "content": "", "creation_timestamp": "2026-04-23T08:17:40.000000Z"}, {"uuid": "e415021d-c96d-45cc-a97a-72e87bedf4b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42296", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlgqe2brll2f", "content": "\ud83d\udfe0 CVE-2026-42296 - High (8.1)\n\nArgo Workflows is an open source container-native workflow engine for orchestrating parallel jobs...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42296/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-09T17:09:38.168599Z"}, {"uuid": "44b06f15-49fb-45a5-ac11-49d4dae1ac77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42294", "type": "published-proof-of-concept", "source": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq", "content": "", "creation_timestamp": "2026-04-23T08:17:59.000000Z"}]}