Description
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo's Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5.
Published: 2026-05-09
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A configuration flaw in Argo Workflows allows users with the ‘create Workflow’ permission to bypass the templateReferencing Strict mode. By exploiting this, an attacker can gain host network access, switch service accounts, override pod security contexts, add tolerations to schedule on control‑plane nodes, or enable service account token mounting. The flaw is classified as CWE‑863 (Improper Authorization). The resulting compromise depends on the cluster’s own security policies; if the cluster relies solely on Argo’s Strict mode, the attacker can elevate privileges to the level required to run arbitrary containers on the host or to impersonate privileged service accounts.

Affected Systems

The issue affects the open‑source container‑native workflow engine Argo Workflows, as distributed by argoproj. Versions prior to 3.7.14 for the v3 branch and prior to 4.0.5 for the v4 branch are vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 8.1, indicating high severity. An EPSS score is not provided, and the defect is not listed in CISA’s KEV catalog. The exploitation requires a user with Workflow creation rights; once such a user is compromised or malicious, the attacker can inject privileged configurations into new workflows, potentially bypassing Kubernetes admission controls such as PodSecurity admission or OPA/Gatekeeper if those are the only protective layers. The attack vector is likely through the Argo API or user interface, where the attacker submits a workflow that leverages the bypassed Strict mode.

Generated by OpenCVE AI on May 9, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Argo Workflows to version 3.7.14 or later on the v3 branch, or to version 4.0.5 or later on the v4 branch, to apply the fix for this bypass.
  • Restrict the ‘create workflow’ permission to trusted users or service accounts so that only authorized personnel can create new workflows.
  • Enforce additional cluster‑level security controls, such as PodSecurity admission or Gatekeeper policies, to block the use of host network, privileged service accounts, or elevated tolerations even if the Strict mode is bypassed.

Generated by OpenCVE AI on May 9, 2026 at 05:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-3775-99mw-8rp4 Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
History

Sat, 09 May 2026 05:45:00 +0000

Type Values Removed Values Added
First Time appeared Argoproj
Argoproj argo-workflows
Vendors & Products Argoproj
Argoproj argo-workflows

Sat, 09 May 2026 04:15:00 +0000

Type Values Removed Values Added
Description Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo's Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5.
Title Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Argoproj Argo-workflows
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-09T03:52:03.456Z

Reserved: 2026-04-26T12:13:55.552Z

Link: CVE-2026-42296

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-09T04:16:25.563

Modified: 2026-05-09T04:16:25.563

Link: CVE-2026-42296

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T05:30:16Z

Weaknesses