Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure
Summary
| CVE | CVE-2026-42296 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-09 04:16:25 UTC |
| Updated | 2026-06-30 03:19:36 UTC |
| Description | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. This defeats the stated purpose of the feature. The practical impact depends on what Kubernetes-level controls are in place. Clusters with PodSecurity admission or OPA/Gatekeeper would independently block some of these (like hostNetwork). Clusters that rely on Argo's Strict mode as the primary enforcement layer are fully exposed. This issue has been patched in versions 3.7.14 and 4.0.5. |
Risk And Classification
Primary CVSS: v3.1 8.1 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.000280000 probability, percentile 0.080240000 (date 2026-05-12)
Problem Types: CWE-863 | CWE-863 CWE-863: Incorrect Authorization | CWE-863 Incorrect Authorization
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | [email protected] | Secondary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | CNA | DECLARED | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Argoproj | Argo Workflows | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Argoproj | Argo-workflows | affected < 3.7.14 | Not specified |
| CNA | Argoproj | Argo-workflows | affected >= 4.0.0, < 4.0.5 | Not specified |
| ADP | Red Hat | Red Hat OpenShift AI RHOAI | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42296.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| github.com/argoproj/argo-workflows/releases/tag/v3.7.14 | [email protected] | github.com | Release Notes |
| access.redhat.com/security/cve/CVE-2026-42296 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | github.com | Exploit, Mitigation, Vendor Advisory |
| github.com/argoproj/argo-workflows/releases/tag/v4.0.5 | [email protected] | github.com | Release Notes |
| github.com/argoproj/argo-workflows/commit/534f4ff1cbd86908e8ff76d97d553a... | [email protected] | github.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-05-09T05:01:27.119Z | Reported to Red Hat. |
| ADP | 2026-05-09T03:52:03.456Z | Made public. |
Workarounds
ADP: Upgrade Argo Workflows to version 3.7.14 or later (3.x line) or 4.0.5+ (4.x line) in affected Red Hat OpenShift AI releases. Red Hat OpenShift AI engineering is expected to deliver updated Data Science Pipelines builds for affected streams (rhoai-2.25, rhoai-3.3, rhoai-3.4). As a defense-in-depth measure, enforce PodSecurity admission or policy controls to block hostNetwork, privileged pods, and unauthorized service account use independently of Argo templateReferencing settings. Restrict Workflow create permissions to trusted principals.