anonhaven
Ad

CVE-2026-31892

HIGH CVSS 4.0: 8.9 EPSS 0.04%
Updated Mar 11, 2026
Kubernetes
Parameter Value
CVSS 8.9 (HIGH)
Affected Versions before 4.0.2
Fixed In 4.0.2
Type CWE-863 (Incorrect Authorization)
Vendor Kubernetes
Public PoC No

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates.

The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization

References 1

https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-r…
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31890

Kubernetes

4.8

CVE-2026-2808

Kubernetes

6.8

CVE-2026-31866

Kubernetes

7.5

CVE-2026-28229

Kubernetes

9.8

CVE-2026-29773

Kubernetes

4.3