What is the CVSS score of CVE-2026-31892?

CVE-2026-31892 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Kubernetes are affected by CVE-2026-31892?

Organizations using Argo Workflows face notable risk from CVE-2026-31892, a incorrect authorization vulnerability rated CVSS 8.1.. A patch is available.

Is there a public PoC exploit available for CVE-2026-31892?

Yes, a public proof-of-concept exploit is available for CVE-2026-31892. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-31892?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Kubernetes CVE-2026-31892

HIGH

Incorrect Authorization (CWE-863)

2026-03-11 security-advisories@github.com

GHSA-3wf5-g532-rcrr

Kubernetes Authentication Bypass Argo Workflows Red Hat Suse

8.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

SUSE

HIGH

qualitative

Red Hat

9.9 HIGH

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 11, 2026 - 16:16 nvd

HIGH 8.1

DescriptionGitHub Advisory

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11.

AnalysisAI

Argo Workflows versions 2.9.0 through 4.0.1 (and 3.x before 3.7.11) allow authenticated users to bypass WorkflowTemplate security policies by injecting a podSpecPatch field in workflow submissions, circumventing even strict template referencing controls. An attacker with workflow submission privileges can exploit this to modify pod specifications without security validation, potentially gaining unauthorized access or executing arbitrary code. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Argo Workflows controller

Exploit

Submit Workflow with podSpecPatch field

Execution

Override WorkflowTemplate security settings

Impact

Execute arbitrary pod specifications

Access

Authenticate to Argo Workflows controller

Exploit

Submit Workflow with podSpecPatch field

Execution

Override WorkflowTemplate security settings

Impact

Execute arbitrary pod specifications

Vulnerability AssessmentAI

Exploitation	User must have Workflow submission privileges on Argo Workflows cluster running versions 2.9.0 to before 4.0.2 or 3.7.11. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Exploitation requires authentication. Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation	Fixed in version 4.0.2. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-50563 CRITICAL Act Now

9.9 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with Fu

CVE-2026-50566 CRITICAL Act Now

9.9 Jun 10

Privilege escalation in Fission prior to version 1.24.0 allows a tenant holding environments.fission.io create/update RB

CVE-2026-50545 CRITICAL Act Now

9.9 Jun 10

Privilege escalation in Fission prior to 1.24.0 allows an authenticated user with permission to create or modify Environ

CVE-2026-50564 CRITICAL Act Now

9.9 Jun 10

Privilege escalation in Fission (Kubernetes-native serverless framework) prior to version 1.24.0 allows a tenant with En

CVE-2026-49824 HIGH This Week

8.5 Jun 10

Cross-namespace access control bypass in Fission (Kubernetes-native serverless framework) prior to 1.24.0 allows an auth

Vendor StatusVendor

SUSE

Severity: High

CVE-2026-31892 vulnerability details – vuln.today

Back

Kubernetes CVE-2026-31892

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code