CVE-2026-31892

HIGH EPSS 18.9%

Published Mar 11, 20263mo ago · Modified Mar 17, 20263mo ago

8.9 CVSS 4.0

High

Published Mar 11, 2026 3mo ago

Last Modified Mar 17, 2026 3mo ago

Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin-approved templates. The podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging and is applied directly to the pod spec at creation time with no security validation. This vulnerability is fixed in 4.0.2 and 3.7.11.

CVSS Details

Base Score

8.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

18.9% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization Authorization

Affected Products 2

Vendor	Product	Version	Range
argoproj	argo_workflows	*	≥2.9.0 – <3.7.11
argoproj	argo_workflows	*	≥4.0.0 – <4.0.2

References 1

github.com https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-rcrr

ExploitMitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.