CVE-2026-28229

Critical CVSS: 9.8

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with a Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11.

Vendor

Argoproj

Product

Argo Workflows

CWE

CWE-863

Yayın Tarihi

2026-03-11 16:16:40

Güncelleme

2026-03-20 14:27:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Argo Workflows CRITICAL Argoproj 2026

Referanslar

https://github.com/argoproj/argo-workflows/security/advisories/GHSA-56px-hm34-xqj5

Benzer Kayıtlar

High

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.…

High

CVE-2026-23960

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior t…

High

CVE-2025-66626

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Wo…

High

CVE-2025-59531

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 throug…