Vendor
high
advisory
Argo Workflows Template Referencing Restriction Bypass
3 rules 2 TTPs 1 CVEArgo Workflows has an incomplete fix for CVE-2026-31892, allowing bypass of templateReferencing restrictions to modify pod specifications, leading to potential privilege escalation and security context overrides.
argo-workflows
kubernetes
privilege-escalation
defense-evasion
3r
2t
1c
high
advisory
Argo Workflows ConfigMap Sync Service Missing Authorization Vulnerability
2 rules 1 TTPThe Sync Service's ConfigMap-backed provider in Argo Workflows performs zero authorization checks on all CRUD operations, allowing any authenticated user to create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits, potentially leading to denial of service, workflow disruption, information disclosure, or arbitrary ConfigMap manipulation in Argo Workflows versions v4.0.0 to v4.0.4.
argo-workflows/v4
argo-workflows
kubernetes
configmap
authorization
vulnerability
2r
1t