{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/argo/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-31892"}],"_cs_exploited":false,"_cs_products":["argo-workflows"],"_cs_severities":["high"],"_cs_tags":["argo-workflows","kubernetes","privilege-escalation","defense-evasion"],"_cs_type":"advisory","_cs_vendors":["Argo"],"content_html":"\u003cp\u003eArgo Workflows, a Kubernetes-native workflow engine, contains an incomplete fix for CVE-2026-31892. The initial patch blocked \u003ccode\u003epodSpecPatch\u003c/code\u003e modifications when \u003ccode\u003etemplateReferencing: Strict\u003c/code\u003e was active. However, other fields within the WorkflowSpec that influence pod creation, such as \u003ccode\u003ehostNetwork\u003c/code\u003e, \u003ccode\u003eserviceAccountName\u003c/code\u003e, and \u003ccode\u003esecurityContext\u003c/code\u003e, were not restricted. This allows a malicious user to bypass intended security controls and potentially escalate privileges within the Kubernetes cluster. Versions affected include those supporting the \u003ccode\u003etemplateReferencing\u003c/code\u003e feature, specifically v4.0.2 and v3.7.11, which include the initial fix for CVE-2026-31892 but are still vulnerable to this bypass. This vulnerability exists because the check in \u003ccode\u003esetExecWorkflow\u003c/code\u003e only validates \u003ccode\u003eHasPodSpecPatch()\u003c/code\u003e, while other critical fields are applied directly to the pod specification. The bypass affects both \u003ccode\u003eStrict\u003c/code\u003e and \u003ccode\u003eSecure\u003c/code\u003e modes.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains \u003ccode\u003ecreate Workflow\u003c/code\u003e permission within the Argo Workflows environment.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a Workflow manifest that references a hardened WorkflowTemplate.\u003c/li\u003e\n\u003cli\u003eAttacker sets \u003ccode\u003ehostNetwork: true\u003c/code\u003e (or other vulnerable fields like \u003ccode\u003esecurityContext\u003c/code\u003e, \u003ccode\u003eserviceAccountName\u003c/code\u003e, \u003ccode\u003etolerations\u003c/code\u003e, or \u003ccode\u003eautomountServiceAccountToken\u003c/code\u003e) in the Workflow manifest.\u003c/li\u003e\n\u003cli\u003eThe Workflow is submitted, and the \u003ccode\u003esetExecWorkflow\u003c/code\u003e function in the Argo controller only checks for \u003ccode\u003epodSpecPatch\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the missing validation, the user-defined \u003ccode\u003ehostNetwork: true\u003c/code\u003e (or other vulnerable fields) is merged with the WorkflowTemplate specification.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecreateWorkflowPod\u003c/code\u003e function reads the merged specification and applies the \u003ccode\u003ehostNetwork: true\u003c/code\u003e setting directly to the pod specification, bypassing the intended restrictions.\u003c/li\u003e\n\u003cli\u003eA pod is created with host networking enabled, granting the container access to the host\u0026rsquo;s network namespace.\u003c/li\u003e\n\u003cli\u003eThe attacker can now access sensitive information or perform actions on the network as if they were running directly on the host.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to bypass the intended security restrictions imposed by Argo Workflows\u0026rsquo; \u003ccode\u003etemplateReferencing\u003c/code\u003e feature. This can lead to privilege escalation, unauthorized access to network resources, and the potential to compromise other containers or nodes within the Kubernetes cluster. The impact is most significant in clusters that rely on Argo\u0026rsquo;s Strict mode as the primary enforcement layer, as other Kubernetes-level controls like PodSecurity admission or OPA/Gatekeeper may not be in place to mitigate these bypasses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eArgo Workflow Host Network Bypass\u003c/code\u003e to detect workflows attempting to set \u003ccode\u003ehostNetwork: true\u003c/code\u003e, and tune for your environment.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eArgo Workflow Service Account Override\u003c/code\u003e to detect workflows attempting to override the service account.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of Argo Workflows that addresses CVE-2026-42296, ensuring that all WorkflowSpec fields that influence pod security posture are validated.\u003c/li\u003e\n\u003cli\u003eImplement Kubernetes-level controls, such as PodSecurity admission or OPA/Gatekeeper, to provide an additional layer of defense against unauthorized pod specification modifications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T20:11:38Z","date_published":"2026-05-04T20:11:38Z","id":"/briefs/2026-05-argo-workflow-bypass/","summary":"Argo Workflows has an incomplete fix for CVE-2026-31892, allowing bypass of templateReferencing restrictions to modify pod specifications, leading to potential privilege escalation and security context overrides.","title":"Argo Workflows Template Referencing Restriction Bypass","url":"https://feed.craftedsignal.io/briefs/2026-05-argo-workflow-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["argo-workflows/v4"],"_cs_severities":["high"],"_cs_tags":["argo-workflows","kubernetes","configmap","authorization","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Argo"],"content_html":"\u003cp\u003eArgo Workflows, a Kubernetes-native workflow engine, is vulnerable to an authorization bypass in its Sync Service\u0026rsquo;s ConfigMap-backed provider. This vulnerability, present in versions 4.0.0 through 4.0.4, stems from a lack of authorization checks on CRUD operations performed on ConfigMaps. This means that any authenticated user, even with a fake Bearer token, can create, read, update, and delete Kubernetes ConfigMaps used for synchronization limits. This flaw allows attackers to potentially disrupt workflow execution, access sensitive configuration data, or even manipulate ConfigMaps in namespaces accessible to the server\u0026rsquo;s service account. The vulnerability was reported on May 4, 2026, and poses a significant risk to Argo Workflows deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains network access to the Argo Server.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the Argo Server using any valid or even a \u0026ldquo;fake\u0026rdquo; Bearer token (e.g., \u003ccode\u003efake-token\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a POST request to the \u003ccode\u003e/api/v1/sync/default\u003c/code\u003e endpoint to create a new Sync Limit ConfigMap with specified parameters like namespace, ConfigMap name, key, and limit.\u003c/li\u003e\n\u003cli\u003eThe Argo Server\u0026rsquo;s \u003ccode\u003econfigMapSyncProvider.createSyncLimit\u003c/code\u003e function executes without performing any authorization checks.\u003c/li\u003e\n\u003cli\u003eThe function uses the Kubernetes client to create a ConfigMap in the specified namespace based on the attacker\u0026rsquo;s input.\u003c/li\u003e\n\u003cli\u003eAttacker can subsequently send GET, PUT, or DELETE requests to \u003ccode\u003e/api/v1/sync/default/{key}\u003c/code\u003e to read, update, or delete existing Sync Limit ConfigMaps without authorization.\u003c/li\u003e\n\u003cli\u003eThe Argo Server processes these requests, modifying the ConfigMaps accordingly, due to the missing \u003ccode\u003eauth.CanI\u003c/code\u003e checks.\u003c/li\u003e\n\u003cli\u003eThe attacker disrupts workflow execution, gains access to sensitive configuration data, or manipulates ConfigMaps, leading to denial of service or other malicious outcomes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker with network access to the Argo Server and valid or fake authentication credentials to perform several malicious actions. They can cause a denial of service by setting sync limits to zero or a very low number, effectively blocking parallel workflow execution. Attackers can also disrupt running workflows by modifying existing sync limits. Furthermore, they can gain access to sensitive information by reading ConfigMap data or manipulate ConfigMaps in any namespace accessible to the server\u0026rsquo;s service account. This could lead to complete compromise of the Argo Workflows environment.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Argo Workflows version 4.0.5 or later to patch CVE-2026-42297 and mitigate the missing authorization checks.\u003c/li\u003e\n\u003cli\u003eMonitor access logs on the Argo Server for unexpected API calls to the \u003ccode\u003e/api/v1/sync\u003c/code\u003e endpoints, especially POST, PUT, and DELETE requests, which could indicate unauthorized ConfigMap manipulation. Use the rule \u003ccode\u003eArgo Workflows ConfigMap Sync Service Modification\u003c/code\u003e to detect unauthorized modifications.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and access controls to limit network access to the Argo Server, reducing the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-05-03T16:23:00Z","date_published":"2024-05-03T16:23:00Z","id":"/briefs/2024-05-argo-configmap-auth-bypass/","summary":"The Sync Service's ConfigMap-backed provider in Argo Workflows performs zero authorization checks on all CRUD operations, allowing any authenticated user to create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits, potentially leading to denial of service, workflow disruption, information disclosure, or arbitrary ConfigMap manipulation in Argo Workflows versions v4.0.0 to v4.0.4.","title":"Argo Workflows ConfigMap Sync Service Missing Authorization Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-05-argo-configmap-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Argo","version":"https://jsonfeed.org/version/1.1"}