CVE-2026-23960 in argo-workflows
Summary
by MITRE • 01/22/2026
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Versions 3.6.17 and 3.7.8 fix the issue.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/17/2026
The vulnerability identified as CVE-2026-23960 affects Argo Workflows, a popular open source container-native workflow engine designed for orchestrating parallel jobs within Kubernetes environments. This security flaw represents a critical stored cross-site scripting vulnerability that exists in versions prior to 3.6.17 and 3.7.8, creating a significant risk for organizations relying on this workflow orchestration platform. The vulnerability specifically targets the artifact directory listing functionality, which serves as a critical interface for users to access and manage workflow artifacts within the Argo Server environment.
The technical implementation of this vulnerability stems from inadequate input sanitization within the artifact directory listing component of Argo Workflows. When workflow authors create or modify artifacts, the system fails to properly escape or validate user-supplied data before rendering it in the web interface. This allows malicious actors to inject malicious JavaScript code into artifact names or metadata that gets subsequently displayed to other users. The vulnerability is classified as stored XSS under CWE-79, which specifically addresses the improper handling of untrusted data in web applications. The flaw operates by leveraging the trust relationship between the victim's browser and the Argo Server origin, enabling attackers to execute arbitrary JavaScript code in the context of the victim's session.
The operational impact of this vulnerability extends far beyond simple script execution, as it enables privilege escalation through session hijacking and API abuse. When a victim user navigates to a directory containing maliciously crafted artifact names, their browser executes the injected JavaScript code under the Argo Server's origin, effectively granting the attacker the same privileges as the victim user. This creates a dangerous scenario where any workflow author can potentially compromise other users within the same Argo Workflows environment, leading to unauthorized access to workflows, artifacts, and potentially sensitive data. The attack vector aligns with ATT&CK technique T1566.001, which involves the exploitation of web applications through cross-site scripting vulnerabilities to gain unauthorized access and execute malicious code in the context of the victim's session.
Organizations using Argo Workflows must urgently implement mitigations to address this vulnerability, with immediate upgrades to versions 3.6.17 or 3.7.8 being the primary recommendation. These patched versions contain proper input validation and output encoding mechanisms that prevent the storage and execution of malicious scripts within artifact listings. Additionally, administrators should consider implementing network-level protections such as web application firewalls to detect and block suspicious script execution patterns, though this represents a secondary defense measure. The vulnerability demonstrates the critical importance of proper input sanitization in web applications, particularly when dealing with user-generated content that may be displayed to other users within the same security context. Security teams should also conduct thorough audits of their Argo Workflows installations to identify any potentially compromised artifacts or sessions, while monitoring for suspicious activity that might indicate exploitation attempts.