Argo Workflows
CVE-2026-23960
HIGH
Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable stored XSS by an authenticated author (PR:L) needing victim interaction (UI:R) and crafted payload (AC:H); runs cross-origin context (S:C) enabling API actions, so C:H/I:H, no real availability impact (A:N).
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (github).
CVSS VectorVendor: github
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
12DescriptionCVE.org
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Versions 3.6.17 and 3.7.8 fix the issue.
AnalysisAI
Stored cross-site scripting in Argo Workflows (CNCF Kubernetes workflow engine) before 3.6.17 and 3.7.8 lets any authenticated workflow author plant malicious JavaScript that executes in another user's browser under the Argo Server origin, hijacking the victim's session to perform privileged API actions on their behalf. Public exploit details exist via the GitHub Security Advisory (GHSA-cv78-6m8q-ph82), but there is no public exploit identified as weaponized and no CISA KEV listing; EPSS is very low at 0.05% (16th percentile). The flaw is patched in 3.6.17 and 3.7.8.
Technical ContextAI
Argo Workflows is an open-source, container-native engine for orchestrating parallel jobs on Kubernetes; its Argo Server component exposes both an API and a web UI. The vulnerability is a CWE-79 (Improper Neutralization of Input During Web Page Generation) stored XSS in the artifact directory listing, served by the artifact server code (server/artifacts/artifact_server.go, lines ~194-244 in the referenced commit). Because artifact paths/names rendered in that directory listing are not properly sanitized or encoded, an attacker-controlled value is reflected as live HTML/JavaScript and runs in the trusted Argo Server origin, where it can ride the victim's authenticated session to invoke the Argo API. Affected packages are tracked under CPE cpe:2.3:a:argoproj:argo_workflows:*:*:*:*:*:go:*:* (Go-based distribution).
RemediationAI
Vendor-released patch: upgrade to Argo Workflows 3.6.17 (3.6.x line) or 3.7.8 (3.7.x line), which contain the fix (release notes at https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17 and https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8; fixing commit 159a5c56285ecd4d3bb0a67aeef4507779a44e17). Distro users should apply the corresponding vendor updates (SUSE-SU-2026:0403; Red Hat per CVE-2026-23960). If immediate patching is not possible, reduce exposure by tightening who can author workflows and produce artifacts (restrict Argo RBAC so untrusted/low-trust tenants cannot create workflows that emit attacker-controlled artifact names), and limit who can browse the artifact directory listing in the Argo Server UI - the trade-off is reduced self-service for legitimate users. Operating Argo Server on a dedicated origin/subdomain and behind SSO with short session lifetimes limits the blast radius of session-riding, at the cost of added auth friction; review GHSA-cv78-6m8q-ph82 for vendor-specific guidance.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-cv78-6m8q-ph82