CVE-2026-28229 Overview
CVE-2026-28229 is a broken access control vulnerability in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow templates endpoints fail to enforce authorization, allowing any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. A request carrying an arbitrary bearer token such as Authorization: Bearer nothing returns sensitive template content, including embedded Secret manifests. The flaw affects all versions prior to 4.0.2 and 3.7.11. The vendor classified the issue under CWE-863: Incorrect Authorization.
Critical Impact
Unauthenticated network attackers can exfiltrate workflow templates and embedded Kubernetes Secrets, exposing credentials and pipeline configurations.
Affected Products
- Argoproj Argo Workflows versions prior to 4.0.2 (4.x branch)
- Argoproj Argo Workflows versions prior to 3.7.11 (3.x branch)
- Kubernetes clusters running affected Argo Workflows controllers with the API server exposed
Discovery Timeline
- 2026-03-11 - CVE-2026-28229 published to NVD
- 2026-03-20 - Last updated in NVD database
Technical Details for CVE-2026-28229
Vulnerability Analysis
The vulnerability resides in the workflow template API endpoints exposed by the Argo Workflows server. These endpoints handle requests for WorkflowTemplates and ClusterWorkflowTemplates resources. The server accepts bearer tokens for authentication but fails to validate token authenticity before returning template content. Any non-empty Authorization: Bearer header bypasses the access check.
The disclosed templates frequently contain inline credentials. Argo Workflows users commonly embed Secret manifests, environment variables, and registry credentials directly within template specifications. An attacker reading these templates obtains the raw secret material along with the pipeline structure.
The impact extends beyond template metadata. Attackers gain visibility into the customer's internal CI/CD topology, downstream service endpoints, and the Kubernetes RBAC posture inferred from referenced ServiceAccounts.
Root Cause
The template retrieval handlers perform identity parsing without verifying the bearer token against the configured authentication provider. The authorization layer trusts the presence of a token header as proof of legitimate access. This is a classic CWE-863 authorization decision flaw where the policy check accepts attacker-supplied input without validation.
Attack Vector
Exploitation requires only network reachability to the Argo Workflows API server. The attacker sends an HTTP GET request to the workflow templates endpoint with an arbitrary bearer token. The server responds with the JSON-serialized template definitions including any embedded secrets. No prior credentials, user interaction, or privilege escalation steps are required. Internet-exposed Argo Workflows instances are directly reachable; cluster-internal instances are reachable from any compromised pod or lateral pivot point.
For exploitation specifics, refer to the GitHub Security Advisory GHSA-56px-hm34-xqj5.
Detection Methods for CVE-2026-28229
Indicators of Compromise
- HTTP requests to /api/v1/workflow-templates or /api/v1/cluster-workflow-templates endpoints from unexpected source IPs
- Authorization headers containing short, low-entropy, or obviously placeholder bearer tokens such as Bearer nothing or Bearer test
- Spike in outbound responses from the Argo server containing serialized Secret manifests
- Unauthenticated user agents enumerating template listings sequentially
Detection Strategies
- Review Argo Workflows server access logs for template endpoint requests that succeed without a corresponding authenticated session in the audit log
- Correlate Kubernetes audit logs against Argo API access logs to identify token values that never appear in TokenReview results
- Deploy an ingress or service mesh policy that logs and flags requests presenting bearer tokens shorter than the expected JWT length
Monitoring Recommendations
- Forward Argo Workflows server logs and Kubernetes audit logs to a centralized analytics platform for retroactive hunting
- Alert on any HTTP 200 response from template endpoints where the request source IP is outside the approved CI/CD network range
- Track baseline volumes of template read operations and alert on deviations
How to Mitigate CVE-2026-28229
Immediate Actions Required
- Upgrade Argo Workflows to version 4.0.2 or 3.7.11 immediately
- Rotate any Kubernetes Secrets, registry credentials, and API tokens previously embedded in workflow templates
- Restrict network exposure of the Argo Workflows API server to trusted CIDRs via NetworkPolicy or ingress controls
- Audit historical access logs for unauthorized template retrieval prior to patching
Patch Information
The vendor released fixes in Argo Workflows 4.0.2 and 3.7.11. Both releases enforce proper authorization on the workflow template endpoints. Operators on the 3.x branch should apply 3.7.11; operators on the 4.x branch should apply 4.0.2. See the GitHub Security Advisory for release artifacts and verification hashes.
Workarounds
- Place the Argo Workflows server behind an authenticating reverse proxy that validates bearer tokens before forwarding requests
- Remove inline Secret manifests from workflow templates and reference external Secret resources via secretKeyRef instead
- Apply Kubernetes NetworkPolicies restricting ingress to the argo-server Service to known administrative namespaces
- Disable the Argo server API entirely if not required, running workflows via the controller only
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

