A high-severity authorization bypass vulnerability (CVE-2026-42297) has been disclosed in Argo Workflows, a widely deployed Kubernetes-native workflow engine. It lets anyone who can reach the Argo Server over the network, even with a fabricated Bearer token, create, read, update, and delete the Kubernetes ConfigMaps that store synchronization limits, with no permission check of any kind.
Published on May 4, 2026, under advisory GHSA-xchc-cqwg-g76q, the flaw was reported by security researcher Nebojsaj1726, with remediation developed by Joibel and reviewed by Isubasinghe from the Argo project team.
The vulnerability is rated High severity under CVSS v4, with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H: reachable over the network with low attack complexity and no user interaction, with high impact on the integrity and availability of the Argo Server itself and on the integrity and availability of the surrounding cluster.
Argo Workflows is an open-source, container-native workflow orchestration engine built specifically for Kubernetes. It enables teams to define and run complex, multi-step parallel jobs using DAG (Directed Acyclic Graph) pipelines, making it a foundational tool for data engineering, MLOps, and CI/CD automation across cloud-native environments.
CVE-2026-42297: Argo Workflows Auth Vulnerability
The vulnerability resides in server/sync/sync_cm.go, the ConfigMap-backed provider of Argo Workflows’ Sync Service. This module is responsible for managing Kubernetes ConfigMaps that store synchronization limits, which govern how many workflow steps can execute concurrently.
The core defect is that none of the four SyncService endpoints (CreateSyncLimit, GetSyncLimit, UpdateSyncLimit, and DeleteSyncLimit) performs an auth.CanI authorization check before reading or writing Kubernetes ConfigMaps.
As a result, the server acts on any HTTP request that carries an Authorization: Bearer header, regardless of whether the token is valid, expired, or entirely fabricated: nothing in these handlers ever asks Kubernetes whether the caller is allowed to touch the ConfigMap.
The vulnerable code path in sync_cm.go (lines 23–155) calls the Kubernetes client directly to create, read, modify, or delete ConfigMaps without validating the caller's permissions at any point.
This design oversight mirrors a pattern seen in at least two prior Argo vulnerabilities: CVE-2026-28229 (GHSA-56px-hm34-xqj5), which exposed unauthorized access to WorkflowTemplate endpoints due to the same missing auth.CanI check, and CVE-2024-53862 (GHSA-h36c-m3rf-34h9), an archived workflow authentication bypass with an identical root cause.
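The pattern the advisory describes, a handler that writes a ConfigMap without first asking whether the caller may do so, and its hardened form can be seen side by side in the following Go program. It is an added example written for this article, not Argo's sync_cm.go: the in-memory configMapStore stands in for the Kubernetes ConfigMap API, and stubCanI stands in for the SelfSubjectAccessReview that auth.CanI issues, so it runs without a cluster. The request it replays is the curl request from the advisory's proof of concept.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// SyncLimit mirrors the JSON body of the create request in the advisory's PoC.
type SyncLimit struct {
	Type      int    `json:"type"`
	Namespace string `json:"namespace"`
	CMName    string `json:"cmName"`
	Key       string `json:"key"`
	Limit     int    `json:"limit"`
}

// configMapStore is an in-memory stand-in for the Kubernetes ConfigMap API, keyed
// by namespace/name, so the example runs without a cluster.
type configMapStore map[string]map[string]string

func (s configMapStore) upsert(ns, name, key, value string) {
	id := ns + "/" + name
	if s[id] == nil {
		s[id] = map[string]string{}
	}
	s[id][key] = value
}

// AuthorizationChecker answers "may the caller presenting token perform verb on
// configmaps in namespace". In Argo that role belongs to auth.CanI, which sends a
// SelfSubjectAccessReview with the caller's credentials; a function type lets the
// example substitute a stub.
type AuthorizationChecker func(token, verb, namespace string) bool

func decodeSyncLimit(r *http.Request) (SyncLimit, error) {
	var req SyncLimit
	err := json.NewDecoder(r.Body).Decode(&req)
	return req, err
}

// vulnerableCreateHandler reproduces the defect: the body is decoded and the
// ConfigMap written without any authorization check on the caller.
func vulnerableCreateHandler(store configMapStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		req, err := decodeSyncLimit(r)
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		store.upsert(req.Namespace, req.CMName, req.Key, strconv.Itoa(req.Limit))
		w.WriteHeader(http.StatusCreated)
	}
}

// hardenedCreateHandler performs the same write only after the caller's right to
// create ConfigMaps in the target namespace has been confirmed.
func hardenedCreateHandler(store configMapStore, canI AuthorizationChecker) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		req, err := decodeSyncLimit(r)
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if !canI(token, "create", req.Namespace) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		store.upsert(req.Namespace, req.CMName, req.Key, strconv.Itoa(req.Limit))
		w.WriteHeader(http.StatusCreated)
	}
}

// stubCanI stands in for the access review: a token is allowed only if the
// constructed grant table lists it for that verb and namespace.
func stubCanI(grants map[string]bool) AuthorizationChecker {
	return func(token, verb, namespace string) bool {
		return grants[token+"|"+verb+"|"+namespace]
	}
}

// sendCreate replays the PoC request against a handler and returns the HTTP status.
func sendCreate(h http.Handler, token string) int {
	body := `{"type": 0, "namespace": "default", "cmName": "test-sync", "key": "test-key", "limit": 5}`
	req := httptest.NewRequest(http.MethodPost, "/api/v1/sync/default", strings.NewReader(body))
	req.Header.Set("Authorization", "Bearer "+token)
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	vuln, hard := configMapStore{}, configMapStore{}
	checker := stubCanI(map[string]bool{"real-token|create|default": true})
	fmt.Println("vulnerable, fake token:", sendCreate(vulnerableCreateHandler(vuln), "fake-token")) // 201
	fmt.Println("hardened, fake token:", sendCreate(hardenedCreateHandler(hard, checker), "fake-token")) // 403
	fmt.Println("hardened, real token:", sendCreate(hardenedCreateHandler(hard, checker), "real-token")) // 201
}
```

Run it with go run: the vulnerable handler returns 201 for the fake token and stores the ConfigMap, while the hardened one returns 403 and leaves the store empty until a token the access review accepts is presented. In a real server the check is a SelfSubjectAccessReview made with the caller's own credentials, never a lookup table, and it has to sit in front of every verb, not just create.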
The researchers demonstrated a straightforward exploitation scenario that requires only network access to an Argo Server running with --auth-mode=server. The attacker port-forwards to the Argo Server on port 2746 and issues ordinary HTTP requests carrying a fabricated Bearer token:
curl -sk -X POST "https://localhost:2746/api/v1/sync/default" \
-H "Authorization: Bearer fake-token" \
-H "Content-Type: application/json" \
-d '{"type": 0, "namespace": "default", "cmName": "test-sync", "key": "test-key", "limit": 5}'
The server responds with the newly created ConfigMap, having validated nothing about the caller, and kubectl confirms that the change landed in the live Kubernetes cluster. Subsequent requests with the same fake token can read, update, or delete the ConfigMap.
The update endpoint accepts arbitrary values, so an attacker can raise a sync limit to 999 to remove the intended concurrency cap, or set it to 0 to halt or crash the workflows that depend on it.
The attack surface for CVE-2026-42297 is broad, and the impact is multi-dimensional.
Denial of Service: An attacker can set synchronization limits to 0 or 1, effectively serializing or completely halting all parallel workflow execution across the cluster.
Workflow Disruption: Modifying sync limits mid-execution can corrupt the state of running workflows, causing undefined behavior, silent failures, or cascading pipeline crashes.
Sensitive Information Disclosure: ConfigMaps may store environment-specific configurations, internal service identifiers, or other sensitive operational data, all of which are readable without authorization.
Arbitrary ConfigMap Manipulation: Because the Argo Server's service account often holds broad Kubernetes RBAC permissions, an attacker can create or delete ConfigMaps in any namespace that service account can reach, not only the one hosting Argo Workflows.
This broad blast radius makes CVE-2026-42297 particularly dangerous in multi-tenant Kubernetes environments where Argo Workflows serves as a shared orchestration platform.
Affected Versions and Mitigation
All Argo Workflows releases from 4.0.0 through 4.0.4 are confirmed vulnerable. The issue is patched in Argo Workflows 4.0.5, released by the Argoproj team; organizations running any 4.x release before 4.0.5 should upgrade immediately.
Notably, the 4.0.5 release also addresses several other high-severity vulnerabilities disclosed concurrently, including CVE-2026-42294 (an unauthenticated OOM crash via oversized webhook payloads) and CVE-2026-42183 (a nil-pointer dereference DoS for SSO users).
This makes upgrading to 4.0.5 a critical priority for any organization with Argo Workflows in production. Until patching is applied, security teams should enforce network-level controls to restrict access to the Argo Server’s API endpoints, particularly /api/v1/sync/.
Organizations should immediately audit access logs for unexpected POST, PUT, and DELETE requests to these endpoints, which may indicate active exploitation attempts.
After upgrading, review the Kubernetes RBAC bindings of the Argo Server service account and apply the principle of least privilege, limiting ConfigMap access to the namespaces Argo Workflows legitimately requires.
Deploying a detection rule such as "Argo Workflows ConfigMap Sync Service Modification" helps surface unauthorized manipulation in the future.
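Both checks above, the access-log audit for mutating requests to /api/v1/sync/ and a rule that flags ConfigMap modifications made under the Argo Server's identity, can be run over sample logs with the following Go program. It is an added example, not code from the article or from the Argo project. It assumes the Argo Server sits behind an ingress that writes Combined Log Format lines and that the server runs as the service account system:serviceaccount:argo:argo-server; the access-log lines and the audit.k8s.io/v1 events embedded in it are constructed for the example, not real captures.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Finding is one event worth an analyst's attention, from either log source.
type Finding struct {
	Source string // "access" or "audit"
	Actor  string // client IP (access log) or Kubernetes username (audit log)
	Verb   string // HTTP method or Kubernetes verb
	Target string // request path or namespace/name of the ConfigMap
	Status string // HTTP status or audit response code
}

// mutatingMethods are the methods the advisory says to watch on /api/v1/sync/.
var mutatingMethods = map[string]bool{"POST": true, "PUT": true, "DELETE": true}

// accessLineRe picks client IP, method, path and status out of a Combined Log
// Format line (assumption: the ingress in front of the Argo Server logs that way).
var accessLineRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})`)

// ScanAccessLog returns every mutating request to the sync API, successful or
// not, since failed attempts are still evidence of probing.
func ScanAccessLog(lines []string) []Finding {
	var out []Finding
	for _, line := range lines {
		m := accessLineRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ip, method, path, status := m[1], m[2], m[3], m[4]
		if mutatingMethods[method] && strings.HasPrefix(path, "/api/v1/sync/") {
			out = append(out, Finding{Source: "access", Actor: ip, Verb: method, Target: path, Status: status})
		}
	}
	return out
}

// auditEvent holds the fields of an audit.k8s.io/v1 Event that the rule needs.
type auditEvent struct {
	Verb string `json:"verb"`
	User struct {
		Username string `json:"username"`
	} `json:"user"`
	ObjectRef struct {
		Resource  string `json:"resource"`
		Namespace string `json:"namespace"`
		Name      string `json:"name"`
	} `json:"objectRef"`
	ResponseStatus struct {
		Code int `json:"code"`
	} `json:"responseStatus"`
}

var configMapWriteVerbs = map[string]bool{"create": true, "update": true, "patch": true, "delete": true}

// ScanAuditLog returns ConfigMap writes performed under the Argo Server's service
// account. serverSA is that account's username; the value used in main is an assumption.
func ScanAuditLog(lines []string, serverSA string) []Finding {
	var out []Finding
	for _, line := range lines {
		var ev auditEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			continue
		}
		if ev.ObjectRef.Resource == "configmaps" && configMapWriteVerbs[ev.Verb] && ev.User.Username == serverSA {
			out = append(out, Finding{Source: "audit", Actor: ev.User.Username, Verb: ev.Verb,
				Target: ev.ObjectRef.Namespace + "/" + ev.ObjectRef.Name, Status: fmt.Sprint(ev.ResponseStatus.Code)})
		}
	}
	return out
}

// Constructed sample input for the example; not real captures.
var sampleAccessLog = []string{
	`10.0.0.7 - - [04/May/2026:10:12:01 +0000] "GET /api/v1/workflows/default HTTP/1.1" 200 5120 "-" "Mozilla/5.0"`,
	`10.0.0.9 - - [04/May/2026:10:12:03 +0000] "POST /api/v1/sync/default HTTP/1.1" 200 311 "-" "curl/8.5.0"`,
	`10.0.0.9 - - [04/May/2026:10:12:09 +0000] "GET /api/v1/sync/default HTTP/1.1" 200 311 "-" "curl/8.5.0"`,
	`10.0.0.9 - - [04/May/2026:10:12:15 +0000] "DELETE /api/v1/sync/default HTTP/1.1" 200 2 "-" "curl/8.5.0"`,
}

var sampleAuditLog = []string{
	`{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","user":{"username":"system:serviceaccount:argo:argo-server"},"objectRef":{"resource":"workflows","namespace":"default","name":"hello"},"responseStatus":{"code":200}}`,
	`{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"create","user":{"username":"system:serviceaccount:argo:argo-server"},"objectRef":{"resource":"configmaps","namespace":"default","name":"test-sync"},"responseStatus":{"code":201}}`,
	`{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"update","user":{"username":"system:serviceaccount:argo:argo-server"},"objectRef":{"resource":"configmaps","namespace":"default","name":"test-sync"},"responseStatus":{"code":200}}`,
	`{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"update","user":{"username":"kubernetes-admin"},"objectRef":{"resource":"configmaps","namespace":"argo","name":"workflow-controller-configmap"},"responseStatus":{"code":200}}`,
}

func main() {
	findings := append(ScanAccessLog(sampleAccessLog), ScanAuditLog(sampleAuditLog, "system:serviceaccount:argo:argo-server")...)
	for _, f := range findings {
		fmt.Printf("%-6s %-40s %-7s %s (%s)\n", f.Source, f.Actor, f.Verb, f.Target, f.Status)
	}
}
```

The access-log scan flags the POST and the DELETE from 10.0.0.9 and ignores the reads; the audit scan flags the create and update of default/test-sync by the Argo Server account and ignores the administrator's change to the controller ConfigMap. Correlating the two, a sync-API write in the ingress log followed within seconds by a ConfigMap write under the server's identity, is what distinguishes exploitation from legitimate operator use of the same endpoints; after the upgrade, writes the Argo Server makes on behalf of callers who hold no ConfigMap permissions should no longer appear at all.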
FAQ
Q1: What is CVE-2026-42297?
It is a high-severity missing authorization vulnerability in Argo Workflows that allows any user with a fake Bearer token to create, read, update, or delete Kubernetes ConfigMaps without any permission validation.
Q2: Which versions of Argo Workflows are affected?
Versions 4.0.0 through 4.0.4 are vulnerable; the issue is fully patched in version 4.0.5.
Q3: What is the real-world impact of this vulnerability?
Attackers can cause denial-of-service by zeroing sync limits, disrupting running workflows, reading sensitive ConfigMap data, or manipulating ConfigMaps across accessible Kubernetes namespaces.
Q4: How can organizations detect active exploitation of CVE-2026-42297?
Monitor Argo Server access logs for unauthorized POST, PUT, and DELETE requests to /api/v1/sync/ endpoints, especially those originating from unexpected sources or using anomalous tokens.
Site: thecybrdef.com