Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-31892

CVE-2026-31892: Argo Workflows Auth Bypass Vulnerability

CVE-2026-31892 is an authentication bypass flaw in Argo Workflows that allows users to bypass security settings via podSpecPatch. This article covers technical details, affected versions, security impact, and mitigation.

Published:

CVE-2026-31892 Overview

CVE-2026-31892 is an authorization bypass vulnerability in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The vulnerability allows authenticated users who can submit Workflows to completely bypass security settings defined in WorkflowTemplates by including a podSpecPatch field in their Workflow submission. This bypass works even when the controller is configured with templateReferencing: Strict, a mechanism specifically designed to restrict users to admin-approved templates.

Critical Impact

Authenticated users can bypass all WorkflowTemplate security controls, potentially gaining unauthorized access to cluster resources and executing arbitrary container configurations outside of approved security policies.

Affected Products

  • Argo Workflows versions 2.9.0 through 4.0.1
  • Argo Workflows versions 3.7.0 through 3.7.10

Discovery Timeline

  • 2026-03-11 - CVE CVE-2026-31892 published to NVD
  • 2026-03-12 - Last updated in NVD database

Technical Details for CVE-2026-31892

Vulnerability Analysis

This vulnerability is classified as CWE-863 (Incorrect Authorization). The root issue lies in how Argo Workflows processes the podSpecPatch field during workflow submission. When a user submits a Workflow that references a WorkflowTemplate, the system is supposed to enforce the security constraints defined in that template. However, the podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging.

The vulnerability is particularly severe because it defeats the purpose of the templateReferencing: Strict configuration option. Administrators who have implemented this setting with the expectation that users can only execute pre-approved workflow templates are unknowingly exposed to this bypass technique.

Root Cause

The vulnerability stems from improper authorization checks during the workflow submission process. When the Argo Workflows controller merges specifications from a submitted Workflow with its referenced WorkflowTemplate, the podSpecPatch field from the user's submission is applied directly to the pod spec at creation time without any security validation. This allows attackers to inject arbitrary pod specifications that override the security controls defined by administrators in WorkflowTemplates.

Attack Vector

An attacker with permissions to submit Workflows can craft a malicious Workflow that references a legitimate, admin-approved WorkflowTemplate while including a podSpecPatch field containing arbitrary pod specifications. These specifications could include privileged container settings, host path mounts, modified security contexts, or other dangerous configurations that would normally be prohibited by the referenced template's security policies. The attack requires network access and authenticated user privileges but has low complexity and requires no user interaction.

The malicious podSpecPatch field could be used to escalate privileges within the Kubernetes cluster, access sensitive host resources, or bypass network policies and other security controls that the WorkflowTemplate was designed to enforce.

Detection Methods for CVE-2026-31892

Indicators of Compromise

  • Workflow submissions containing podSpecPatch fields that were not explicitly authorized by administrators
  • Pods created by Argo Workflows with security contexts or volume mounts that deviate from approved WorkflowTemplate definitions
  • Unusual container privilege escalations originating from workflow-created pods

Detection Strategies

  • Implement admission controllers (such as OPA Gatekeeper or Kyverno) to audit and block Workflow submissions containing podSpecPatch fields
  • Enable verbose logging on the Argo Workflows controller to capture all workflow submissions and their specifications
  • Deploy runtime security monitoring to detect containers with unexpected privileged configurations

Monitoring Recommendations

  • Monitor Kubernetes audit logs for Workflow creation events containing podSpecPatch specifications
  • Alert on any workflow-spawned pods that request privileged access or sensitive volume mounts
  • Track deviations between approved WorkflowTemplate specifications and actual pod configurations at runtime

How to Mitigate CVE-2026-31892

Immediate Actions Required

  • Upgrade Argo Workflows to version 4.0.2 or 3.7.11 immediately
  • Audit existing workflows for any suspicious podSpecPatch usage
  • Review Kubernetes audit logs for potential exploitation attempts prior to patching
  • Implement admission controller policies to block unauthorized podSpecPatch fields as a defense-in-depth measure

Patch Information

The vulnerability has been fixed in Argo Workflows versions 4.0.2 and 3.7.11. Organizations running affected versions (2.9.0 through 4.0.1 or 3.7.0 through 3.7.10) should upgrade to the patched versions as soon as possible. For detailed information about the security fix, refer to the GitHub Security Advisory.

Workarounds

  • Deploy Kubernetes admission controllers to explicitly deny or audit Workflow submissions containing podSpecPatch fields
  • Restrict Workflow submission permissions to trusted service accounts or users until patching is complete
  • Implement network policies to limit the blast radius of any potentially compromised workflow-spawned pods
bash
# Example Kyverno policy to block podSpecPatch in Workflow submissions
kubectl apply -f - <<EOF
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: block-workflow-podspecpatch
spec:
  validationFailureAction: Enforce
  rules:
  - name: deny-podspecpatch
    match:
      resources:
        kinds:
        - Workflow
    validate:
      message: "podSpecPatch is not allowed in Workflow submissions"
      pattern:
        spec:
          X(podSpecPatch): "null"
EOF

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.