CVE-2026-42296
Privilege Escalation in Argo Workflows via Template Bypass
Publication date: 2026-05-09
Last updated on: 2026-05-09
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| argoproj | argo_workflows | to 4.0.5 (exc) |
| argoproj | argo_workflows | 3.7.14 |
| argoproj | argo_workflows | 4.0.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-42296 is a security vulnerability in Argo Workflows, an open source container-native workflow engine for Kubernetes. It allows a user with create Workflow permission to bypass security restrictions set by the templateReferencing feature in Strict or Secure mode.
Specifically, the vulnerability lets an attacker override pod security settings such as host network access, service account switching, pod security context, tolerations for scheduling on control-plane nodes, and service account token mounting by injecting fields like podSpecPatch or other WorkflowSpec fields. These overrides bypass the intended security enforcement of the referenced WorkflowTemplate.
The root cause is that the Strict mode only checked for the presence of workflowTemplateRef but did not inspect or restrict other fields that could override security settings. This flaw allows unauthorized privilege escalation within the Kubernetes cluster.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized privilege escalation within a Kubernetes cluster running Argo Workflows.
- An attacker with create Workflow permission can gain host network access, which may expose sensitive network resources.
- They can switch service accounts, potentially gaining higher privileges or access to restricted resources.
- They can override pod security contexts and add tolerations to schedule pods on control-plane nodes, increasing the risk of compromising critical cluster components.
- They can enable service account token mounting, which could allow access to Kubernetes API credentials.
The practical impact depends on the Kubernetes-level controls in place. Clusters relying solely on Argo's Strict mode are fully exposed, while those with additional controls like PodSecurity admission or OPA/Gatekeeper may block some attack vectors.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying Argo Workflows that include unauthorized overrides in their Workflow specifications, such as the use of podSpecPatch or fields like hostNetwork, serviceAccountName, or securityContext that bypass template referencing restrictions.
You can inspect workflows submitted to your Argo Workflows instance for suspicious fields that override security settings. For example, querying the Kubernetes API for workflows with these fields set can help detect exploitation attempts.
- Use kubectl to list workflows and check for podSpecPatch or suspicious overrides: kubectl get workflows -o json | jq '.items[] | select(.spec.podSpecPatch != null or .spec.hostNetwork == true or .spec.serviceAccountName != null or .spec.securityContext != null)'
- Audit Argo Workflows logs for creation of workflows by users with create Workflow permission that include these overrides.
Note that detection depends on your logging and monitoring setup, and additional custom scripts or tools may be required to automate this process.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Argo Workflows to version 3.7.14 or 4.0.5 or later, where this vulnerability has been patched.
If immediate upgrade is not possible, consider the following steps:
- Restrict users' create Workflow permissions to trusted users only.
- Implement Kubernetes-level controls such as PodSecurity admission controllers or OPA/Gatekeeper policies to block unsafe pod specifications like hostNetwork usage or service account overrides.
- Avoid relying solely on Argo Workflows' templateReferencing: Strict mode as the primary enforcement layer.
These steps reduce the risk of exploitation until the patched versions can be deployed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Argo Workflows allows users with create Workflow permission to bypass security restrictions and gain unauthorized access to host network, service accounts, and elevated privileges. This can lead to unauthorized access or modification of sensitive data or system components.
Clusters relying solely on Argo's Strict mode for enforcement are fully exposed, which could result in non-compliance with security requirements mandated by standards like GDPR or HIPAA that require strict access controls and protection of sensitive data.
However, clusters that implement additional Kubernetes-level controls such as PodSecurity admission or OPA/Gatekeeper may mitigate some of these risks, potentially reducing the impact on compliance.