CVE-2026-23960 Overview
CVE-2026-23960 is a stored Cross-Site Scripting (XSS) vulnerability in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The vulnerability exists in the artifact directory listing functionality and allows any workflow author to execute arbitrary JavaScript in another user's browser under the Argo Server origin, enabling API actions with the victim's privileges.
Critical Impact
Attackers with workflow authorship privileges can inject malicious JavaScript that executes in the context of other users' sessions, potentially leading to account takeover, data theft, or unauthorized API operations within Kubernetes environments.
Affected Products
- Argo Workflows versions prior to 3.6.17
- Argo Workflows versions prior to 3.7.8
- Kubernetes environments running vulnerable Argo Workflows instances
Discovery Timeline
- 2026-01-21 - CVE CVE-2026-23960 published to NVD
- 2026-01-21 - Last updated in NVD database
Technical Details for CVE-2026-23960
Vulnerability Analysis
This stored XSS vulnerability resides in the artifact server component of Argo Workflows, specifically in the artifact_server.go file. The flaw stems from improper sanitization of user-controlled input when rendering directory listings for workflow artifacts.
When a workflow author creates artifacts with malicious content or filenames, the artifact directory listing feature fails to properly encode this content before rendering it in HTML. This allows JavaScript code to be stored and later executed when another user browses the artifact directory through the Argo Server web interface.
The attack operates under the Argo Server's origin, meaning the malicious script has full access to the victim's session and can perform any API action the victim is authorized to execute. In Kubernetes environments, this could include modifying workflows, accessing secrets, or performing other privileged operations.
Root Cause
The root cause is a lack of proper HTML encoding and template escaping in the artifact directory listing functionality. The vulnerable code in artifact_server.go (lines 194-244) directly outputs user-controlled data without sanitization, creating an XSS injection point. The fix introduces proper HTML template handling using Go's html/template package, which provides automatic context-aware escaping.
Attack Vector
The attack is network-based and requires the attacker to have workflow authorship privileges within the Argo Workflows system. The exploitation flow is as follows:
- An attacker with workflow creation privileges crafts a workflow containing artifacts with malicious JavaScript payloads
- The malicious payload is stored within the artifact metadata or directory structure
- When a victim user (such as an administrator) browses the artifact directory listing, the unsanitized content is rendered in their browser
- The injected JavaScript executes with the victim's session context, allowing the attacker to perform API actions as the victim
package artifacts
import (
+ "bytes"
"context"
"errors"
"fmt"
+ "html/template"
"io"
"mime"
"net/http"
Source: GitHub Security Patch
The fix adds the html/template import which provides automatic HTML escaping, replacing the vulnerable direct string output with properly escaped template rendering.
Detection Methods for CVE-2026-23960
Indicators of Compromise
- Unusual or suspicious artifact names containing HTML tags or JavaScript code (e.g., <script>, onerror=, javascript:)
- Unexpected API calls originating from user sessions after browsing artifact directories
- Workflow artifacts with encoded or obfuscated JavaScript payloads in filenames or content
- Browser console errors or anomalous script execution when viewing artifact listings
Detection Strategies
- Monitor Argo Server access logs for requests to artifact directory endpoints with suspicious patterns
- Implement Content Security Policy (CSP) headers to detect and block inline script execution attempts
- Deploy web application firewalls (WAF) with XSS detection rules for the Argo Server endpoints
- Audit workflow definitions for artifacts with potentially malicious names or metadata
Monitoring Recommendations
- Enable detailed logging on the Argo Server to capture artifact access patterns and user activity
- Configure alerting for unusual API activity following artifact directory browsing sessions
- Implement session monitoring to detect privilege escalation or unauthorized actions after potential XSS exploitation
- Regularly review workflow submissions for suspicious artifact configurations
How to Mitigate CVE-2026-23960
Immediate Actions Required
- Upgrade Argo Workflows to version 3.6.17 or 3.7.8 immediately
- Review existing workflows for any artifacts with suspicious names or content that could indicate exploitation
- Implement network segmentation to limit access to the Argo Server interface to trusted users only
- Enable Content Security Policy headers on the Argo Server if not already configured
Patch Information
Argo Workflows has released patched versions that address this vulnerability:
- Version 3.6.17 for the 3.6.x release branch - GitHub Release v3.6.17
- Version 3.7.8 for the 3.7.x release branch - GitHub Release v3.7.8
The fix implements proper HTML template escaping using Go's html/template package to ensure all user-controlled data is sanitized before rendering. For additional details, refer to the GitHub Security Advisory GHSA-cv78-6m8q-ph82.
Workarounds
- Restrict workflow authorship privileges to trusted users only until patches can be applied
- Implement a reverse proxy with XSS filtering in front of the Argo Server
- Disable artifact browsing functionality if not required for operations
- Deploy strict Content Security Policy headers to mitigate the impact of any successful XSS exploitation
# Example: Update Argo Workflows using Helm
helm repo update
helm upgrade argo-workflows argo/argo-workflows --version 3.7.8 -n argo
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
