Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42295 |
|
Vulnerability in argo-workflows (CVE-2026-42295)
vulnerability in argo-workflows (CVE-2026-42295). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-42296 |
|
Authorization Flaw in argo-workflows (CVE-2026-42296)
vulnerability in argo-workflows (CVE-2026-42296). Confidential information can be exposed externally. Exploitable via ``podSpecPatch``. Mitigation: upgrade to `3.7.14, 4.0.5` or later.
|
| CVE-2026-42297 |
|
Vulnerability in argo-workflows (CVE-2026-42297)
vulnerability in argo-workflows (CVE-2026-42297). Data can be tampered with by attackers. Exploitable via ``auth.CanI``. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-42294 |
|
Vulnerability in argo-workflows (CVE-2026-42294)
vulnerability in argo-workflows (CVE-2026-42294). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/events/some-namespace`. Mitigation: upgrade to `3.7.14, 4.0.5` or later.
|
| CVE-2026-42183 |
|
Vulnerability in argo-workflows (CVE-2026-42183)
vulnerability in argo-workflows (CVE-2026-42183). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/workflows/target-ns`. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-40886 |
|
Vulnerability in argoproj (CVE-2026-40886)
vulnerability in argoproj (CVE-2026-40886). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-31892 |
|
Authorization Flaw in argoproj (CVE-2026-31892)
vulnerability in argoproj (CVE-2026-31892). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.2` or later.
|
| CVE-2026-28229 |
|
Authorization Flaw in github.com/argoproj/argo-workflows/v4 (CVE-2026-28229)
vulnerability in github.com/argoproj/argo-workflows/v4 (CVE-2026-28229). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.2` or later.
|
| CVE-2026-23960 |
|
Cross-Site Scripting (XSS) in argoproj (CVE-2026-23960)
cross-site scripting in argoproj (CVE-2026-23960). Risk of unauthorized operations or information disclosure.
|