These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-42297 is a high-severity authorization flaw in the ConfigMap-backed provider of Argo Workflows' Sync Service. In versions 4.0.0 up to but not including 4.0.5, the provider accepted create, read, update, and delete operations on synchronization ConfigMaps without performing any authorization check, so callers were never verified as permitted to perform those operations. The issue was patched in Argo Workflows v4.0.5.
CVE-2026-42296 is an authorization/control bypass in Argo Workflows. According to the advisory, a user who only has create Workflow permission could bypass templateReferencing: Strict and submit workflows that change security-relevant pod settings, including host network access, service account selection, pod security context, tolerations, and service account token mounting. The issue was fixed in Argo Wo [truncated]
CVE-2026-42295 affects Argo Workflows versions 4.0.0 up to but not including 4.0.5 and exposes artifact repository credentials in plaintext through workflow executor logs. Anyone with read access to workflow pod logs could extract secrets such as S3 access keys, GCS service account keys, Azure account keys, or Git passwords. The issue is fixed in Argo Workflows 4.0.5.
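For the log-exposure case above, a responder's first question is which credential types actually landed in which pod logs. The following is an added triage example, not Argo Workflows code: it runs credential heuristics over executor log lines for the secret types the advisory names. The log lines are constructed to resemble executor output, the AWS key is the documented AWS example key, and the patterns are starting points chosen for this example that need tuning per environment.

```go
package main

// Added example, not Argo Workflows code. A triage scan that runs credential
// heuristics over executor log lines for the secret types named above. The
// log lines are constructed; the patterns are assumptions for this example.

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

type finding struct {
	Line     int
	Kind     string
	Redacted string
}

var credentialPatterns = []struct {
	kind string
	re   *regexp.Regexp
}{
	{"aws-access-key-id", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"gcp-service-account-key", regexp.MustCompile(`-----BEGIN (?:RSA )?PRIVATE KEY-----`)},
	// Azure storage account keys are 88-character base64 strings ending in "==".
	{"azure-storage-account-key", regexp.MustCompile(`\b[A-Za-z0-9+/]{86}==`)},
	// Git credentials embedded in a clone URL: scheme://user:password@host/...
	{"git-password-in-url", regexp.MustCompile(`https?://[^/\s:@]+:[^@\s"]+@[^\s"]+`)},
}

// redact keeps enough of a match to correlate with the secret store without
// copying the credential into the triage report.
func redact(s string) string {
	if len(s) <= 8 {
		return strings.Repeat("*", len(s))
	}
	return s[:4] + strings.Repeat("*", len(s)-8) + s[len(s)-4:]
}

// scanExecutorLog returns one finding per pattern match, in line order.
func scanExecutorLog(logText string) []finding {
	var out []finding
	sc := bufio.NewScanner(strings.NewReader(logText))
	sc.Buffer(make([]byte, 1<<20), 1<<20) // executor lines can be long
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		for _, p := range credentialPatterns {
			for _, m := range p.re.FindAllString(line, -1) {
				out = append(out, finding{Line: n, Kind: p.kind, Redacted: redact(m)})
			}
		}
	}
	return out
}

// sampleExecutorLog builds constructed log lines: the AWS key is the
// documented AWS example key, the Azure key is synthetic.
func sampleExecutorLog() string {
	azureKey := strings.Repeat("Ab12", 21) + "Cd=="
	return strings.Join([]string{
		`time="2026-05-01T10:00:00Z" level=info msg="Starting Workflow Executor"`,
		`time="2026-05-01T10:00:01Z" level=debug msg="s3 client" accessKey=AKIAIOSFODNN7EXAMPLE endpoint=s3.amazonaws.com`,
		`time="2026-05-01T10:00:02Z" level=debug msg="git clone" url="https://deploy:hunter2@git.example.internal/team/repo.git"`,
		`time="2026-05-01T10:00:03Z" level=debug msg="gcs credentials" json="{\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBg...\"}"`,
		`time="2026-05-01T10:00:04Z" level=debug msg="azure blob" accountKey=` + azureKey,
		`time="2026-05-01T10:00:05Z" level=info msg="Saving artifact"`,
	}, "\n")
}

func main() {
	for _, f := range scanExecutorLog(sampleExecutorLog()) {
		fmt.Printf("line %d: %s %s\n", f.Line, f.Kind, f.Redacted)
	}
}
```

Any hit on a pre-4.0.5 executor log should be treated as a confirmed exposure to everyone who held pod-log read access during the log's retention window, and the matching credential rotated; the redacted prefix and suffix are there only to identify which credential that is.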
CVE-2026-42294 is a high-severity denial-of-service vulnerability in Argo Workflows. Before versions 3.7.14 and 4.0.5, the Webhook Interceptor on the publicly accessible /api/v1/events/ endpoint read the full request body into memory before authenticating the request or checking its signature. An attacker could send an extremely large request body and force excessive memory allocation, potentially causing [truncated]
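The ordering problem described above (buffer the whole body, then authenticate) is easy to reproduce and to fix in any Go HTTP handler. The following is an added example, not Argo Workflows code: it places a handler that reads the full body before checking the signature next to one that caps the body first with http.MaxBytesReader, and drives both with a 2 MiB unsigned request to show how many bytes each one consumes. The handler names, the X-Signature-256 header, the shared secret, the 1 MiB limit and the request path are assumptions made for the example.

```go
package main

// Added example, not Argo Workflows code. Contrasts a webhook handler that
// buffers the entire request body before checking the signature with one that
// caps the body first. Header name, secret, limit and path are assumptions.

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const maxWebhookBody = 1 << 20 // 1 MiB cap; size it to real webhook payloads

var sharedSecret = []byte("example-webhook-secret") // constructed

// validSignature verifies an HMAC-SHA256 over the body, GitHub-style.
func validSignature(body []byte, header string) bool {
	mac := hmac.New(sha256.New, sharedSecret)
	mac.Write(body)
	want := "sha256=" + hex.EncodeToString(mac.Sum(nil))
	return hmac.Equal([]byte(want), []byte(header))
}

// vulnerableHandler models the flaw: io.ReadAll runs before any check, so an
// unauthenticated client decides how much memory the server allocates.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if err != nil {
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	if !validSignature(body, r.Header.Get("X-Signature-256")) {
		http.Error(w, "bad signature", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// hardenedHandler bounds the body before reading it. An oversized request is
// rejected with 413 after at most maxWebhookBody+1 bytes have been consumed,
// whether or not the sender knows the secret.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxWebhookBody)
	body, err := io.ReadAll(r.Body)
	if err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	if !validSignature(body, r.Header.Get("X-Signature-256")) {
		http.Error(w, "bad signature", http.StatusUnauthorized)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// countingReader records how many bytes a handler actually pulled from the wire.
type countingReader struct {
	r io.Reader
	n int
}

func (c *countingReader) Read(p []byte) (int, error) {
	n, err := c.r.Read(p)
	c.n += n
	return n, err
}

// drive POSTs body to h (signed or not) and returns the status code and the
// number of body bytes the handler consumed.
func drive(h http.HandlerFunc, body []byte, sign bool) (status int, consumed int) {
	cr := &countingReader{r: bytes.NewReader(body)}
	req := httptest.NewRequest(http.MethodPost, "/api/v1/events/argo/example", cr)
	if sign {
		mac := hmac.New(sha256.New, sharedSecret)
		mac.Write(body)
		req.Header.Set("X-Signature-256", "sha256="+hex.EncodeToString(mac.Sum(nil)))
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, cr.n
}

func main() {
	big := make([]byte, 2<<20) // 2 MiB of zeros, constructed
	s, n := drive(vulnerableHandler, big, false)
	fmt.Printf("vulnerable: status=%d consumed=%d bytes\n", s, n)
	s, n = drive(hardenedHandler, big, false)
	fmt.Printf("hardened:   status=%d consumed=%d bytes\n", s, n)
}
```

Two caveats worth keeping in mind: the cap has to be installed before anything reads the body, so it belongs at the front of the handler or middleware chain rather than after authentication; and checking Content-Length alone is not a substitute, because a chunked request carries no length and the attacker controls the header anyway.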
CVE-2026-42183 affects Argo Workflows versions 4.0.0 up to but not including 4.0.5. In an affected SSO/RBAC configuration, a nil pointer dereference in the gatekeeper authorization handling causes the server to panic, interrupting service for certain authenticated users. The issue is patched in Argo Workflows 4.0.5.
Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes, has a critical vulnerability (CVE-2026-42880) in its ServerSideDiff endpoint. This vulnerability, with a CVSS score of 9.6, allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. The issue affects Argo CD versions from 3.2.0 to [truncated]
CVE-2026-43824 is a vulnerability in Argo CD, a popular open-source continuous delivery tool for Kubernetes. The issue affects versions 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9. The vulnerability lies in the ServerSideDiff feature and allows reading cleartext Kubernetes Secret data, which could lead to unauthorized access to sensitive information. The Common Vulnerability Scoring Sys [truncated]
CVE-2026-40886 is a high-severity vulnerability in Argo Workflows, an open-source container-native workflow engine. The vulnerability causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. This panic occurs inside an informer goroutine, outside the controller's recover() scope, crashing the entire controller process. The affected pod persis [truncated]
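The detail that matters in the summary above is where the panic happens: a deferred recover() only catches panics raised on the same goroutine, so a panic inside an informer callback on its own goroutine takes down the whole process however carefully the main reconcile loop is guarded. The following is an added example, not Argo Workflows code or its fix: it models an annotation parser that panics on unexpected input, the tolerant form that returns an error instead, and a goroutine wrapper that installs its own recover. The assumed strategy names, the function names and the informer-handler shape are illustrations, and how the real controller panicked is not shown on this page.

```go
package main

// Added example, not Argo Workflows code. Models (1) a strict parser of the
// pod-gc-strategy annotation that panics on unexpected input, (2) a tolerant
// parser that returns an error, and (3) a goroutine wrapper with its own
// recover. Strategy names and function names are assumptions.

import (
	"errors"
	"fmt"
	"sync"
)

const podGCAnnotation = "workflows.argoproj.io/pod-gc-strategy"

// knownStrategies is the accepted set, assumed for the example.
var knownStrategies = map[string]bool{
	"OnPodCompletion":      true,
	"OnPodSuccess":         true,
	"OnWorkflowCompletion": true,
	"OnWorkflowSuccess":    true,
}

// parseStrategyUnsafe models the failure mode: unexpected annotation content
// becomes a panic rather than an error. Run inside an informer goroutine, this
// escapes any recover installed by the reconcile loop.
func parseStrategyUnsafe(annotations map[string]string) string {
	s := annotations[podGCAnnotation]
	if !knownStrategies[s] {
		panic(fmt.Sprintf("unknown pod-gc-strategy %q", s))
	}
	return s
}

var errBadStrategy = errors.New("invalid pod-gc-strategy annotation")

// parseStrategy is the hardened form: a missing annotation yields "", unknown
// content yields an error the caller can log and skip for that one pod.
func parseStrategy(annotations map[string]string) (string, error) {
	s, ok := annotations[podGCAnnotation]
	if !ok || s == "" {
		return "", nil
	}
	if !knownStrategies[s] {
		return "", fmt.Errorf("%w: %q", errBadStrategy, s)
	}
	return s, nil
}

// safeGo runs fn on its own goroutine with a recover installed on that
// goroutine, and returns any recovered panic as an error once fn finishes.
// This is the pattern for informer handlers: the recover must live where the
// panic happens, not in the parent.
func safeGo(fn func()) error {
	var wg sync.WaitGroup
	var err error
	wg.Add(1)
	go func() {
		defer wg.Done()
		defer func() {
			if r := recover(); r != nil {
				err = fmt.Errorf("recovered panic in goroutine: %v", r)
			}
		}()
		fn()
	}()
	wg.Wait()
	return err
}

// handlePodUpdate is an assumed informer handler using the hardened parser:
// a malformed annotation is reported for that pod, not fatal to the process.
func handlePodUpdate(annotations map[string]string) (string, error) {
	return parseStrategy(annotations)
}

func main() {
	malformed := map[string]string{podGCAnnotation: "not-a-strategy"} // constructed
	fmt.Println(safeGo(func() { parseStrategyUnsafe(malformed) }))
	fmt.Println(handlePodUpdate(malformed))
}
```

The persistence note in the summary is why the error-returning parser matters more than the recover wrapper: a recover only buys a restart, and the same pod annotation would be delivered to the informer again on every restart, so the controller has to be able to skip the bad object and keep going.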
CVE-2026-31892 is a high-severity vulnerability in Argo Workflows, an open-source container-native workflow engine for Kubernetes. The vulnerability allows a user who can submit Workflows to completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This bypass occurs even when the controller is configured with templateReferencing: [truncated]
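Both CVE-2026-42296 and CVE-2026-31892 above come down to the same shape: a Workflow that references a locked-down template but also carries its own pod-level settings (podSpecPatch, hostNetwork, serviceAccountName, automountServiceAccountToken, securityContext, tolerations) that the controller then honoured. The following is an added example, not Argo Workflows code or its fix: an admission-style check that lists those overrides on a template-referencing submission so the submission can be rejected before the controller sees it. The field names follow the Workflow CRD, but the trimmed struct, the check's placement and the sample manifest are assumptions for the example.

```go
package main

// Added example, not Argo Workflows code. An admission-style check that
// rejects a submitted Workflow which references a template yet also sets
// podSpecPatch or any of the security-relevant pod fields above. The trimmed
// struct, placement and sample manifest are assumptions for this example.

import (
	"encoding/json"
	"fmt"
	"strings"
)

type templateRef struct {
	Name         string `json:"name"`
	ClusterScope bool   `json:"clusterScope,omitempty"`
}

// workflowSpec keeps only the fields this check inspects; the real CRD is far larger.
type workflowSpec struct {
	WorkflowTemplateRef          *templateRef             `json:"workflowTemplateRef,omitempty"`
	PodSpecPatch                 string                   `json:"podSpecPatch,omitempty"`
	HostNetwork                  *bool                    `json:"hostNetwork,omitempty"`
	ServiceAccountName           string                   `json:"serviceAccountName,omitempty"`
	AutomountServiceAccountToken *bool                    `json:"automountServiceAccountToken,omitempty"`
	SecurityContext              map[string]interface{}   `json:"securityContext,omitempty"`
	Tolerations                  []map[string]interface{} `json:"tolerations,omitempty"`
}

type workflow struct {
	Spec workflowSpec `json:"spec"`
}

// strictOverrideViolations returns the spec fields a submitter set on a
// template-referencing Workflow that would override the template's pod
// settings. An empty result means the submission is clean for this check.
// Workflows without workflowTemplateRef are left to the existing strict-mode
// rejection and return no violations here.
func strictOverrideViolations(raw []byte) ([]string, error) {
	var wf workflow
	if err := json.Unmarshal(raw, &wf); err != nil {
		return nil, fmt.Errorf("parse workflow: %w", err)
	}
	if wf.Spec.WorkflowTemplateRef == nil {
		return nil, nil
	}
	s := wf.Spec
	var v []string
	if strings.TrimSpace(s.PodSpecPatch) != "" {
		v = append(v, "podSpecPatch")
	}
	if s.HostNetwork != nil {
		v = append(v, "hostNetwork")
	}
	if s.ServiceAccountName != "" {
		v = append(v, "serviceAccountName")
	}
	if s.AutomountServiceAccountToken != nil {
		v = append(v, "automountServiceAccountToken")
	}
	if len(s.SecurityContext) > 0 {
		v = append(v, "securityContext")
	}
	if len(s.Tolerations) > 0 {
		v = append(v, "tolerations")
	}
	return v, nil
}

// maliciousSubmission is a constructed manifest of the kind described above:
// it references a hardened template and then overrides its pod settings.
const maliciousSubmission = `{
  "apiVersion": "argoproj.io/v1alpha1",
  "kind": "Workflow",
  "metadata": {"generateName": "bypass-"},
  "spec": {
    "workflowTemplateRef": {"name": "locked-down-template"},
    "hostNetwork": true,
    "serviceAccountName": "cluster-admin-sa",
    "podSpecPatch": "{\"hostPID\": true}"
  }
}`

func main() {
	v, err := strictOverrideViolations([]byte(maliciousSubmission))
	fmt.Println(v, err) // three overrides flagged
}
```

Note that podSpecPatch is rejected whenever it is non-empty rather than parsed, because its content is a free-form pod spec fragment and an allowlist of safe keys would have to be maintained against every Kubernetes release; a deployment that relies on podSpecPatch for benign tuning should carry that tuning in the template instead.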
CVE-2026-28229 is a critical vulnerability in Argo Workflows, an open-source container-native workflow engine for Kubernetes. The vulnerability allows any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates without proper authorization, potentially leaking sensitive template content, including embedded Secret manifests. This issue was fixed in versions 4.0.2 and 3.7.11. The vulnerability has [truncated]
CVE-2026-23960 is a high-severity vulnerability in Argo Workflows, an open-source container-native workflow engine for Kubernetes. The vulnerability allows stored XSS attacks in the artifact directory listing, enabling any workflow author to execute arbitrary JavaScript in another user's browser under the Argo Server origin. This could lead to API actions with the victim's privileges. The vulnerability ha [truncated]
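The listing XSS above is the standard consequence of building HTML from attacker-chosen names by concatenation: an artifact name is written by the workflow author and read by whoever browses the listing. The following is an added example, not Argo Server code or its fix: it places a directory listing built by string concatenation next to the same listing rendered through Go's html/template, which escapes each name according to whether it lands in an attribute, a URL or text. The artifact names, the base path and the markup are constructed for the example.

```go
package main

// Added example, not Argo Server code. Contrasts an artifact directory
// listing built by concatenation (attacker-chosen names reach the page raw)
// with one rendered through html/template, which escapes per context.
// Entries, base path and markup are constructed.

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// sampleEntries are constructed artifact names; two carry payloads.
var sampleEntries = []string{
	"results.csv",
	"<script>alert(document.cookie)</script>",
	`x" onmouseover="alert(1)`,
}

// renderListingUnsafe shows the flaw: names are spliced into markup as-is,
// so a name can close the attribute or open a script tag.
func renderListingUnsafe(base string, names []string) string {
	var b strings.Builder
	b.WriteString("<ul>")
	for _, n := range names {
		b.WriteString(`<li><a href="` + base + "/" + n + `">` + n + "</a></li>")
	}
	b.WriteString("</ul>")
	return b.String()
}

// listingTmpl is parsed once; html/template decides the escaper for each
// action from its position (href value vs element text).
var listingTmpl = template.Must(template.New("listing").Parse(
	`<ul>{{range .Names}}<li><a href="{{$.Base}}/{{.}}">{{.}}</a></li>{{end}}</ul>`))

// renderListing is the hardened form: the same data, contextually escaped.
func renderListing(base string, names []string) (string, error) {
	var buf bytes.Buffer
	data := struct {
		Base  string
		Names []string
	}{base, names}
	if err := listingTmpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	base := "/artifacts/argo/wf-1/main" // constructed
	fmt.Println("unsafe:", renderListingUnsafe(base, sampleEntries))
	safe, err := renderListing(base, sampleEntries)
	fmt.Println("safe:  ", safe, err)
}
```

Escaping at render time is the fix that removes the bug; a Content-Security-Policy on the Argo Server origin and serving listings with nosniff are defence in depth that limit what a missed sink can do, not substitutes for it.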