pkg:Go/github.com/argoproj/argo-workflows/v4
10 total CVEsHIGH4
✅ Check your installed version
All known vulnerabilities
HIGH8.1CVE-2026-42296Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure >= 4.0.0, < 4.0.5
HIGH7.7CVE-2026-40886Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller >= 4.0.0, < 4.0.5
HIGH7.5CVE-2026-28229Argo Workflows has unauthorized access to Argo Workflows Template from 0, < 4.0.2
HIGH7.5CVE-2026-28229Argo Workflows has unauthorized access to Argo Workflows Template from 0, < 4.0.2
—CVE-2026-42295Argo Workflows: Exposure of artifact repository credentials >= 4.0.0, < 4.0.5
—CVE-2026-42294Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor >= 4.0.0, < 4.0.5
—CVE-2026-42183Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) >= 4.0.0, < 4.0.5
—CVE-2026-42297Argo Workflows Is Missing Authorization in Sync ConfigMap Provider >= 4.0.0, < 4.0.5
—CVE-2026-31892WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode from 0, < 4.0.2
—CVE-2026-31892WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode from 0, < 4.0.2