CVE-2026-23960
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in Argo Workflows allows workflow authors to inject malicious JavaScript into artifact directory listings. When other users view these listings, the script executes in their browser with their Argo Server privileges, potentially enabling unauthorized API actions. Affected users are those running Argo Workflows versions prior to 3.6.17 or 3.7.8.
💻 Affected Systems
- Argo Workflows
⚠️ Risk & Real-World Impact
Worst Case
An attacker with workflow author privileges could execute arbitrary JavaScript in an administrator's browser, leading to complete compromise of the Argo Workflows instance, data exfiltration, or lateral movement within the Kubernetes cluster.
Likely Case
Workflow authors could perform unauthorized API actions using victims' credentials, potentially modifying workflows, accessing sensitive data, or disrupting operations.
If Mitigated
With proper input validation and output encoding, the impact would be limited to minor UI disruption without privilege escalation.
🎯 Exploit Status
Exploitation requires workflow author privileges to create malicious artifact listings. The vulnerability is well-documented in the advisory with specific code references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.6.17 or 3.7.8
Vendor Advisory: https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82
Restart Required: Yes
Instructions:
1. Identify your Argo Workflows version.
2. Upgrade to either v3.6.17 (for the 3.6.x branch) or v3.7.8 (for the 3.7.x branch).
3. Restart all Argo Workflows components.
4. Verify the fix by checking the version and testing artifact directory functionality.
🔧 Temporary Workarounds
Restrict workflow author privileges
Limit who can create workflows and artifact directories to trusted users only.
Implement Content Security Policy
Add CSP headers to restrict JavaScript execution in Argo Server responses.
Add 'Content-Security-Policy' header with appropriate directives to Argo Server configuration
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Argo Workflows from sensitive systems
- Enable detailed audit logging for all workflow and artifact operations
🔍 How to Verify
Check if Vulnerable:
Check if Argo Workflows version is below 3.6.17 (for 3.6.x) or below 3.7.8 (for 3.7.x). Review artifact_server.go lines 194-244 for missing input sanitization.
Check Version:
kubectl get deployment -n argo argo-server -o jsonpath='{.spec.template.spec.containers[0].image}' | grep -o 'v[0-9.]*'
Verify Fix Applied:
Confirm version is 3.6.17+ or 3.7.8+. Test artifact directory functionality to ensure proper HTML escaping.
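The following is an added example, not code from the Argo Workflows project or the advisory. It shows, in Go, what the two defensive measures on this page look like in practice: a minimal HTTP handler that renders an artifact directory listing through html/template (so file names are escaped for the context they land in) and sets the Content-Security-Policy header from the workaround section, beside an unsafe string-concatenation renderer that illustrates the defect class. It also shows how the fix can be checked in-process with httptest, which is one way to do the "test artifact directory functionality" step. The listing struct, template markup, request path and the policy value are assumptions for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// listing is an assumed shape for one artifact directory; not the project's type.
type listing struct {
	Workflow string
	Base     string   // URL prefix for the directory
	Files    []string // file names, which a workflow author controls via the spec
}

// listingTmpl uses html/template, which escapes each value for the context it
// lands in: text nodes get HTML entity escaping, href values get URL encoding.
var listingTmpl = template.Must(template.New("listing").Parse(
	`<h1>Artifacts for {{.Workflow}}</h1><ul>` +
		`{{range .Files}}<li><a href="{{$.Base}}/{{.}}">{{.}}</a></li>{{end}}</ul>`))

// cspValue is an assumed policy: no inline scripts or event handlers, so a
// listing that slipped through unescaped still could not run code.
const cspValue = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'"

// ListingHandler renders the listing with escaping and the CSP header applied.
func ListingHandler(l listing) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var buf bytes.Buffer
		if err := listingTmpl.Execute(&buf, l); err != nil {
			http.Error(w, "render failed", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Security-Policy", cspValue)
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		_, _ = buf.WriteTo(w)
	})
}

// unsafeListing is the defect class: markup built by concatenation, so a file
// name containing tags becomes part of the page. Shown for contrast only.
func unsafeListing(l listing) string {
	var b strings.Builder
	b.WriteString("<h1>Artifacts for " + l.Workflow + "</h1><ul>")
	for _, f := range l.Files {
		b.WriteString(`<li><a href="` + l.Base + "/" + f + `">` + f + "</a></li>")
	}
	b.WriteString("</ul>")
	return b.String()
}

// Render drives the handler in-process and returns the body and CSP header,
// which is how a unit test can confirm the escaping and the header together.
func Render(l listing) (body, csp string) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/artifacts", nil)
	ListingHandler(l).ServeHTTP(rec, req)
	return rec.Body.String(), rec.Header().Get("Content-Security-Policy")
}

func main() {
	// Constructed file name carrying markup, the kind of input the fix must neutralize.
	l := listing{
		Workflow: "demo-wf",
		Base:     "/artifacts/argo/demo-wf",
		Files:    []string{"report.html<script>alert(1)</script>"},
	}
	body, csp := Render(l)
	fmt.Println("safe  :", body)
	fmt.Println("csp   :", csp)
	fmt.Println("unsafe:", unsafeListing(l))
}
```

In the safe output the file name appears as text (`report.html&lt;script&gt;...`) and is percent-encoded inside the href, while the unsafe renderer emits the tag verbatim; the CSP header is a second, independent layer in case any other rendering path is missed.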
📡 Detection & Monitoring
Log Indicators:
- Unusual artifact creation patterns
- JavaScript payloads in artifact names or paths
- Unexpected API calls from user sessions
Network Indicators:
- Suspicious JavaScript in HTTP responses from artifact endpoints
- Unexpected outbound connections from Argo Server
SIEM Query:
source="argo-server" AND (artifact* OR directory) AND (javascript: OR <script> OR onerror=)
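As an added example (not part of the advisory), here is the SIEM query above expressed as Go code and run over a few constructed log lines in an assumed key=value access-log shape. It goes one step beyond the plain query: it percent-decodes each line before matching, since markup inside a request path usually arrives URL-encoded and would otherwise be missed, and it pulls out the user field for triage. The log format, field names and sample lines are assumptions, not real Argo Server output.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Hit is one flagged log line with the marker that matched and the acting user.
type Hit struct {
	Line   int
	Marker string
	User   string
}

// sampleLog is constructed for this example in an assumed key=value access-log
// shape; it is not output from a real Argo Server.
var sampleLog = []string{
	`source="argo-server" level=info msg="GET /artifact-files/argo/workflows/demo-wf/main/outputs/results.csv" user=alice`,
	`source="argo-server" level=info msg="GET /artifact-files/argo/workflows/demo-wf/main/outputs/report.html<script>alert(1)</script>" user=bob`,
	`source="argo-server" level=info msg="GET /artifact-files/argo/workflows/demo-wf/main/outputs/%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E" user=carol`,
	`source="workflow-controller" level=info msg="artifact directory created <script>" user=system`,
	`source="argo-server" level=info msg="GET /api/v1/workflows/argo" user=alice`,
}

// markerRe mirrors the three markers in the SIEM query, case-insensitively.
var markerRe = regexp.MustCompile(`(?i)javascript:|<script|onerror=`)

// userRe extracts the acting user from the assumed log format.
var userRe = regexp.MustCompile(`\buser=(\S+)`)

// IsSuspicious applies the query terms: right source, artifact/directory
// context, and a marker in either the raw or the percent-decoded line.
func IsSuspicious(line string) (marker string, ok bool) {
	if !strings.Contains(line, `source="argo-server"`) {
		return "", false
	}
	lower := strings.ToLower(line)
	if !strings.Contains(lower, "artifact") && !strings.Contains(lower, "directory") {
		return "", false
	}
	candidates := []string{line}
	if dec, err := url.PathUnescape(line); err == nil && dec != line {
		candidates = append(candidates, dec)
	}
	for _, c := range candidates {
		if m := markerRe.FindString(c); m != "" {
			return strings.ToLower(m), true
		}
	}
	return "", false
}

// ScanLog returns one Hit per flagged line, numbered from 1.
func ScanLog(lines []string) []Hit {
	var hits []Hit
	for i, line := range lines {
		marker, ok := IsSuspicious(line)
		if !ok {
			continue
		}
		user := ""
		if m := userRe.FindStringSubmatch(line); m != nil {
			user = m[1]
		}
		hits = append(hits, Hit{Line: i + 1, Marker: marker, User: user})
	}
	return hits
}

func main() {
	for _, h := range ScanLog(sampleLog) {
		fmt.Printf("line %d: marker %q user %s\n", h.Line, h.Marker, h.User)
	}
}
```

Running it flags line 2 (raw `<script`) and line 3 (the `onerror=` only visible after decoding), and ignores line 4 because its source is not argo-server. The same decode-then-match step is worth adding to the real SIEM rule, since the query as written only sees the literal request text.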
🔗 References
- https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244
- https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17
- https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17
- https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8
- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82