CVE-2026-42297 is a high-severity authorization flaw in Argo Workflows’ Sync Service ConfigMap-backed provider. In affected versions, 4.0.0 up to but not including 4.0.5, the provider accepted create, read, update, and delete actions on synchronization ConfigMaps without performing authorization checks. The issue was patched in Argo Workflows v4.0.5.
CVE-2026-42296 is an authorization/control bypass in Argo Workflows. According to the advisory, a user who only has create Workflow permission could bypass templateReferencing: Strict and submit workflows that change security-relevant pod settings, including host network access, service account selection, pod security context, tolerations, and service account token mounting. The issue was fixed in Argo Wo [truncated]
CVE-2026-42295 affects Argo Workflows and can expose artifact repository credentials in plaintext through workflow executor logs. In versions 4.0.0 up to but not including 4.0.5, anyone with read access to workflow pod logs could extract secrets such as S3 access keys, GCS service account keys, Azure account keys, or Git passwords. The issue is fixed in Argo Workflows 4.0.5.
CVE-2026-42294 is a high-severity denial-of-service vulnerability in Argo Workflows. Before versions 3.7.14 and 4.0.5, the Webhook Interceptor on the publicly accessible /api/v1/events/ endpoint read the full request body into memory before authenticating the request or checking its signature. An attacker could send an extremely large request body and force excessive memory allocation, potentially causing [truncated]
CVE-2026-42183 affects Argo Workflows 4.0.0 up to but not including 4.0.5. In the affected SSO/RBAC configuration, a nil pointer dereference in gatekeeper authorization handling can panic the server and interrupt service for certain authenticated users. The issue is patched in Argo Workflows 4.0.5.