Insufficiently protected credentials in Argo Workflows - #VU126910

 

Published: April 23, 2026


Vulnerability identifier: #VU126910
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Argo
Affected software:
Argo Workflows

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive credentials.

The vulnerability exists due to insufficiently protected credentials in the workflow executor logging driver when logging artifact operations. A remote privileged user can read workflow pod logs to disclose sensitive credentials.

Any user with Kubernetes RBAC permissions to read pod logs in the workflow namespace can extract artifact repository credentials, including S3, OSS, and GCS credential fields.
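To gauge exposure to the issue described above, the following added example (not from the advisory or the Argo project) lists the subjects whose RBAC bindings allow `get` on `pods/log` in a given namespace. The namespace `argo`, the role and subject names, and the sample objects are constructed assumptions.

```python
# Added example: who can read pod logs in a namespace, from exported RBAC objects.
# ITEMS is constructed sample data shaped like the "items" array of
#   kubectl get roles,rolebindings,clusterroles,clusterrolebindings -A -o json
ITEMS = [
    {"kind": "Role", "metadata": {"name": "wf-viewer", "namespace": "argo"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "wf-submitter", "namespace": "argo"},
     "rules": [{"apiGroups": ["argoproj.io"], "resources": ["workflows"], "verbs": ["create"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "viewers", "namespace": "argo"},
     "roleRef": {"kind": "Role", "name": "wf-viewer"},
     "subjects": [{"kind": "Group", "name": "data-science"}]},
    {"kind": "RoleBinding", "metadata": {"name": "submitters", "namespace": "argo"},
     "roleRef": {"kind": "Role", "name": "wf-submitter"},
     "subjects": [{"kind": "User", "name": "ci-bot"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops"},
     "roleRef": {"kind": "ClusterRole", "name": "ops-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]

def rule_allows_pod_logs(rule):
    """Mirror RBAC matching for `get` on the core-group pods/log subresource."""
    # A rule limited by resourceNames still counts: it exposes logs of those pods.
    return (bool({"", "*"} & set(rule.get("apiGroups", [])))
            and bool({"pods/log", "*/log", "*"} & set(rule.get("resources", [])))
            and bool({"get", "*"} & set(rule.get("verbs", []))))

def pod_log_readers(items, namespace):
    """Return sorted (subject, binding) pairs able to read pod logs in `namespace`."""
    roles = {}  # Roles keyed by (namespace, name), ClusterRoles by (None, name)
    for o in items:
        if o["kind"] in ("Role", "ClusterRole"):
            ns = o["metadata"].get("namespace") if o["kind"] == "Role" else None
            roles[(ns, o["metadata"]["name"])] = o.get("rules") or []
    found = set()
    for o in items:
        if o["kind"] == "RoleBinding" and o["metadata"].get("namespace") != namespace:
            continue  # a RoleBinding only grants access inside its own namespace
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = o["roleRef"]
        key = (namespace if ref["kind"] == "Role" else None, ref["name"])
        if any(rule_allows_pod_logs(r) for r in roles.get(key, [])):
            for s in o.get("subjects") or []:
                found.add((f'{s["kind"]}/{s["name"]}', f'{o["kind"]}/{o["metadata"]["name"]}'))
    return sorted(found)
```

On a live cluster, `kubectl auth can-i get pods --subresource=log -n <namespace> --as <user>` answers the same question for a single identity.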


Remediation

Install the security update from the vendor's website.
