Skip to main content

Argo Workflows EUVDEUVD-2026-45029

| CVE-2026-54526 HIGH
Improper Access Control (CWE-284)
2026-07-16 security-advisories@github.com
8.9
CVSS 4.0 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.5 HIGH

Authenticated workflow submitter (PR:L) over the API (AV:N); AC:H because a specific referenced-template + artifact-GC configuration is required; privileged pod escapes to the node (S:C) with full C/I/A impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jul 16, 2026 - 22:19 EUVD
Source Code Evidence Fetched
Jul 16, 2026 - 19:32 vuln.today
Analysis Generated
Jul 16, 2026 - 19:32 vuln.today
CVE Published
Jul 16, 2026 - 19:16 cve.org
HIGH 8.9

DescriptionCVE.org

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 3.7.15 and 4.0.6, the allow-list fix for CVE-2026-31892 is incomplete because workflow/util/merge.go ValidateUserOverrides and SanitizeUserWorkflowSpec walk only the top-level fields of WorkflowSpec via reflection, and WorkflowSpec.ArtifactGC is allow-listed wholesale; the struct behind that field, WorkflowLevelArtifactGC, has a PodSpecPatch sub-field whose contents flow unmodified into util.ApplyPodSpecPatch on the artifact-GC pod, the same sink the original fix closed for WorkflowSpec.PodSpecPatch, so a user submitting a Workflow under templateReferencing: Strict or Secure (against a referenced WorkflowTemplate that declares an output artifact and setting spec.artifactGC.strategy: OnWorkflowCompletion) can still inject an arbitrary strategic merge patch into the artifact-GC pod, including hostPath volumes, privileged: true, arbitrary image and command, and hostNetwork: true, defeating the stated purpose of Strict/Secure reference mode. This issue is fixed in versions 3.7.15 and 4.0.6.

AnalysisAI

Privilege escalation in Argo Workflows before 3.7.15 and 4.0.6 lets a low-privileged user who can submit Workflows bypass the Strict/Secure templateReferencing protections and inject an arbitrary strategic-merge PodSpecPatch into the artifact garbage-collection pod. Because the fix for CVE-2026-31892 only walked top-level WorkflowSpec fields and allow-listed WorkflowSpec.ArtifactGC wholesale, its nested WorkflowLevelArtifactGC.PodSpecPatch flowed unmodified into util.ApplyPodSpecPatch, allowing an attacker to spawn a pod with privileged: true, hostPath volumes, hostNetwork: true, and an attacker-chosen image and command. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate and submit Workflow referencing hardened template
Delivery
Set artifactGC strategy OnWorkflowCompletion with malicious podSpecPatch
Exploit
Bypass incomplete ArtifactGC allow-list validation
Execution
Controller applies patch to artifact-GC pod
Persist
Privileged pod runs with hostPath and hostNetwork
Impact
Escape to node and compromise cluster

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated user with rights to submit a Workflow (CVSS PR:L) that references a WorkflowTemplate under templateReferencing: Strict or Secure mode, where that referenced WorkflowTemplate declares an output artifact AND the submitted workflow sets spec.artifactGC.strategy: OnWorkflowCompletion; the malicious payload is placed in the nested spec.artifactGC.podSpecPatch (WorkflowLevelArtifactGC.PodSpecPatch) field. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuinely high-impact issue but a conditional, authenticated one, not a spray-and-pray internet exploit. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A tenant with permission only to submit Workflows references a hardened WorkflowTemplate (Strict/Secure mode) that declares an output artifact, and sets spec.artifactGC.strategy: OnWorkflowCompletion plus a spec.artifactGC.podSpecPatch containing privileged: true, a hostPath mount of the node root, hostNetwork: true, and an attacker image and command. When the workflow completes, the controller creates the artifact-GC pod with the injected patch, giving the attacker a privileged container on a cluster node for host filesystem access and lateral movement. …
Remediation Vendor-released patch: upgrade to Argo Workflows 3.7.15 (3.x users) or 4.0.6 (4.x users), per GHSA-48p8-g2fx-3wwm and fix commits 277e9cef0ad16d7eaaab253573d0695951a65dbd and 358cc3968c8f06f1be0967e41df191088db0b662; these add validation-time rejection and sanitization of ArtifactGC.PodSpecPatch, ArtifactGC.ServiceAccountName, and ArtifactGC.PodMetadata. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Argo Workflows deployments and identify versions prior to 3.7.15 (v3 track) or 4.0.6 (v4 track); audit RBAC policies to determine which users and service accounts currently have permission to submit workflows. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

EUVD-2026-45029 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy