Argo Workflows CVE-2026-42295
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionGitHub Advisory
Summary
The workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials.
Note: This is an incomplete fix of CVE-2025-62157
Details
The logging driver passes the entire ArtifactDriver struct to the structured logger, for example: https://github.com/argoproj/argo-workflows/blob/59f1089b9875723ddffd524513e6bd5cb37e5e31/workflow/artifacts/logging/driver.go#L24
Exposed credential fields:
- S3 (workflow/artifacts/s3/s3.go): AccessKey, SecretKey, SessionToken, ServerSideCustomerKey
- OSS (workflow/artifacts/oss/oss.go): AccessKey, SecretKey, SecurityToken
- GCS (workflow/artifacts/gcs/gcs.go): ServiceAccountKey
PoC
- Create template
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
name: cred-leak-test
namespace: argo
spec:
entrypoint: main
templates:
- name: main
container:
image: alpine:3.13
command: [sh, -c]
args: ["echo 'hello' > /tmp/output.txt"]
outputs:
artifacts:
- name: output
path: /tmp/output.txt
s3:
endpoint: minio:9000
insecure: true
bucket: my-bucket
key: test-output.txt
accessKeySecret:
name: my-minio-cred
key: accesskey
secretKeySecret:
name: my-minio-cred
key: secretkey- Then check the logs
kubectl -n argo logs "cred-leak-test" -c wait <img width="1248" height="322" alt="image" src="https://github.com/user-attachments/assets/a5cf6d66-7d67-408d-8583-27d11ecf1507" />
Impact
Any user with Kubernetes RBAC permissions to read pod logs in the workflow namespace can extract artifact repository credentials.
AnalysisAI
Argo Workflows executor logs artifact repository credentials in plaintext to pod logs during artifact operations, exposing S3 access/secret keys, GCS service account keys, Azure storage keys, and Git passwords. Users with Kubernetes RBAC permissions to read pod logs in the workflow namespace can extract these credentials directly from workflow execution logs. This vulnerability affects Argo Workflows v4.0.0 through v4.0.4 and represents an incomplete fix of CVE-2025-62157. Vendor-released patch (v4.0.5) is available with GitHub commit bdd40908 removing credential-bearing struct logging. No public exploit identified at time of analysis, though exploitation is trivial given the included working proof-of-concept YAML.
Technical ContextAI
The vulnerability exists in Argo Workflows' artifact logging driver (workflow/artifacts/logging/driver.go), a Kubernetes-native workflow orchestration engine written in Go. The logging infrastructure passes entire ArtifactDriver structs to structured loggers using log.WithField("driver", d.ArtifactDriver), which serializes all struct fields including sensitive credential material. Affected artifact drivers include S3 (AccessKey, SecretKey, SessionToken, ServerSideCustomerKey), Alibaba OSS (AccessKey, SecretKey, SecurityToken), and Google Cloud Storage (ServiceAccountKey). This falls under CWE-522 (Insufficiently Protected Credentials), where secrets are exposed through unintended channels. The fix removes credential-bearing struct logging and switches to generic informational messages, demonstrating that credentials were never functionally necessary in log output. The underlying issue is a common Go logging anti-pattern where developers log entire structs without implementing custom masking methods or using struct tags to exclude sensitive fields. Kubernetes RBAC model exacerbates this because pod log access is a common debugging permission that inadvertently grants credential access when logs contain secrets.
RemediationAI
Upgrade to Argo Workflows v4.0.5 or later, released at https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5, which implements the complete fix via commit bdd40908580f727c590c8743836e338b04fe4a87. The patch removes credential-bearing struct logging from workflow/artifacts/logging/driver.go, replacing log.WithField calls containing ArtifactDriver structs with generic informational messages. After upgrading, rotate all artifact repository credentials that may have been exposed in logs, including S3 access keys, GCS service account keys, Azure storage account keys, and Git tokens referenced in workflow templates. Purge historical pod logs from aggregation systems (Splunk, ELK, CloudWatch, Loki) covering the exposure period to prevent retroactive credential harvesting. For environments unable to immediately upgrade, implement a compensating control by restricting Kubernetes RBAC pod log read permissions (verbs: get, list on resource: pods/log) to only essential service accounts and administrators. This mitigation reduces attack surface but does not eliminate credential exposure in logs - service accounts and cluster admins with log access can still extract credentials. Additionally, configure log rotation with short retention periods (24-48 hours) and disable centralized log shipping for the argo namespace until patching is complete. Note these workarounds significantly impact debugging capabilities and should only be temporary measures.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-7vf8-2cr6-54mf