CVE-2026-23960

High CVSS: 7.3

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Versions 3.6.17 and 3.7.8 fix the issue.

Vendor

Argoproj

Product

Argo Workflows

CWE

CWE-79

Yayın Tarihi

2026-01-21 22:15:50

Güncelleme

2026-02-17 16:56:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Argo Workflows HIGH Argoproj 2026

Referanslar

https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244 https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17 https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17 https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8 https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82

Benzer Kayıtlar

High

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.…

Critical

CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior t…

High

CVE-2025-66626

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Wo…

High

CVE-2025-59531

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 throug…