CVE-2026-31892 Overview
CVE-2026-31892 is an authorization bypass vulnerability in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The vulnerability allows authenticated users who can submit Workflows to completely bypass security settings defined in WorkflowTemplates by including a podSpecPatch field in their Workflow submission. This bypass works even when the controller is configured with templateReferencing: Strict, a mechanism specifically designed to restrict users to admin-approved templates.
Critical Impact
Authenticated users can bypass all WorkflowTemplate security controls, potentially gaining unauthorized access to cluster resources and executing arbitrary container configurations outside of approved security policies.
Affected Products
- Argo Workflows versions 2.9.0 through 4.0.1
- Argo Workflows versions 3.7.0 through 3.7.10
Discovery Timeline
- 2026-03-11 - CVE-2026-31892 published to NVD
- 2026-03-12 - Last updated in NVD database
Technical Details for CVE-2026-31892
Vulnerability Analysis
This vulnerability is classified as CWE-863 (Incorrect Authorization). The root issue lies in how Argo Workflows processes the podSpecPatch field during workflow submission. When a user submits a Workflow that references a WorkflowTemplate, the system is supposed to enforce the security constraints defined in that template. However, the podSpecPatch field on a submitted Workflow takes precedence over the referenced WorkflowTemplate during spec merging.
The vulnerability is particularly severe because it defeats the purpose of the templateReferencing: Strict configuration option. Administrators who have implemented this setting with the expectation that users can only execute pre-approved workflow templates are unknowingly exposed to this bypass technique.
Root Cause
The vulnerability stems from improper authorization checks during the workflow submission process. When the Argo Workflows controller merges specifications from a submitted Workflow with its referenced WorkflowTemplate, the podSpecPatch field from the user's submission is applied directly to the pod spec at creation time without any security validation. This allows attackers to inject arbitrary pod specifications that override the security controls defined by administrators in WorkflowTemplates.
Attack Vector
An attacker with permissions to submit Workflows can craft a malicious Workflow that references a legitimate, admin-approved WorkflowTemplate while including a podSpecPatch field containing arbitrary pod specifications. These specifications could include privileged container settings, host path mounts, modified security contexts, or other dangerous configurations that would normally be prohibited by the referenced template's security policies. The attack requires network access and authenticated user privileges but has low complexity and requires no user interaction.
The malicious podSpecPatch field could be used to escalate privileges within the Kubernetes cluster, access sensitive host resources, or bypass network policies and other security controls that the WorkflowTemplate was designed to enforce.
Detection Methods for CVE-2026-31892
Indicators of Compromise
- Workflow submissions containing podSpecPatch fields that were not explicitly authorized by administrators
- Pods created by Argo Workflows with security contexts or volume mounts that deviate from approved WorkflowTemplate definitions
- Unusual container privilege escalations originating from workflow-created pods
Detection Strategies
- Implement admission controllers (such as OPA Gatekeeper or Kyverno) to audit and block Workflow submissions containing podSpecPatch fields
- Enable verbose logging on the Argo Workflows controller to capture all workflow submissions and their specifications
- Deploy runtime security monitoring to detect containers with unexpected privileged configurations
Monitoring Recommendations
- Monitor Kubernetes audit logs for Workflow creation events containing podSpecPatch specifications
- Alert on any workflow-spawned pods that request privileged access or sensitive volume mounts
- Track deviations between approved WorkflowTemplate specifications and actual pod configurations at runtime
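The audit-log check described in the two lists above, written out as an added example (not from this advisory or from the Argo project): a Python scanner that reads Kubernetes audit events as JSON lines, keeps create/update requests for argoproj.io Workflows, and reports every podSpecPatch it finds, together with the sensitive pod-spec keys inside it and the WorkflowTemplate the submission referenced. It assumes the cluster audit policy records Workflows at level Request or RequestResponse (so that requestObject is present), it also checks template-level podSpecPatch, which goes beyond the Workflow-level field the page describes, and the audit events it runs on are constructed samples.

```python
import json

# Pod-spec keys that escape a template's controls (privileged settings, host mounts, security context).
SENSITIVE_KEYS = {"privileged", "hostPath", "hostPID", "hostNetwork", "hostIPC",
                  "allowPrivilegeEscalation", "capabilities", "runAsUser"}

def sensitive_keys(node, found):  # recursively collect SENSITIVE_KEYS names anywhere in a parsed patch
    if isinstance(node, dict):
        found.update(k for k in node if k in SENSITIVE_KEYS)
    for child in (node.values() if isinstance(node, dict) else node if isinstance(node, list) else []):
        sensitive_keys(child, found)
    return found

def patches(spec):  # yield (location, patch) for spec.podSpecPatch and each template-level podSpecPatch
    if spec.get("podSpecPatch"):
        yield "spec.podSpecPatch", spec["podSpecPatch"]
    for t in spec.get("templates") or []:
        if t.get("podSpecPatch"):
            yield f"spec.templates[{t.get('name', '?')}].podSpecPatch", t["podSpecPatch"]

def scan_audit_lines(lines):
    """One finding per Workflow create/update whose request body carries a podSpecPatch."""
    findings = []
    for ev in (json.loads(line) for line in lines if line.strip()):
        ref = ev.get("objectRef") or {}
        if (ref.get("apiGroup"), ref.get("resource")) != ("argoproj.io", "workflows") \
                or ev.get("verb") not in ("create", "update"):  # a 'patch' body is only a diff
            continue
        spec = (ev.get("requestObject") or {}).get("spec") or {}  # present only at Request-level audit
        for where, patch in patches(spec):
            try:  # podSpecPatch is a string; Argo also accepts YAML, which json.loads rejects
                keys = sorted(sensitive_keys(json.loads(patch), set()))
            except (TypeError, ValueError):
                keys = ["<patch is not JSON; inspect manually>"]
            findings.append({"user": (ev.get("user") or {}).get("username"), "location": where,
                             "workflow": f"{ref.get('namespace')}/{ref.get('name')}", "sensitive_keys": keys,
                             "template_ref": (spec.get("workflowTemplateRef") or {}).get("name")})
    return findings

def _event(user, name, spec):  # constructed audit.k8s.io/v1 Event, trimmed to the fields used above
    ref = {"apiGroup": "argoproj.io", "resource": "workflows", "namespace": "ci", "name": name}
    return json.dumps({"verb": "create", "user": {"username": user}, "objectRef": ref,
                       "requestObject": {"spec": spec}})

SAMPLE_AUDIT_LOG = [  # constructed: one clean submission, one that also carries a podSpecPatch
    _event("alice", "build-abc12", {"workflowTemplateRef": {"name": "approved-build"}}),
    _event("mallory", "build-zzz99", {"workflowTemplateRef": {"name": "approved-build"},
           "podSpecPatch": json.dumps({"hostPID": True, "containers": [
               {"name": "main", "securityContext": {"privileged": True}}]})}),
]
```

Running scan_audit_lines(SAMPLE_AUDIT_LOG) yields one finding, for mallory's submission, showing it referenced approved-build while patching in hostPID and a privileged container.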
How to Mitigate CVE-2026-31892
Immediate Actions Required
- Upgrade Argo Workflows to version 4.0.2 or 3.7.11 immediately
- Audit existing workflows for any suspicious podSpecPatch usage
- Review Kubernetes audit logs for potential exploitation attempts prior to patching
- Implement admission controller policies to block unauthorized podSpecPatch fields as a defense-in-depth measure
Patch Information
The vulnerability has been fixed in Argo Workflows versions 4.0.2 and 3.7.11. Organizations running affected versions (2.9.0 through 4.0.1 or 3.7.0 through 3.7.10) should upgrade to the patched versions as soon as possible. For detailed information about the security fix, refer to the GitHub Security Advisory.
Workarounds
- Deploy Kubernetes admission controllers to explicitly deny or audit Workflow submissions containing podSpecPatch fields
- Restrict Workflow submission permissions to trusted service accounts or users until patching is complete
- Implement network policies to limit the blast radius of any potentially compromised workflow-spawned pods
# Example Kyverno policy to block podSpecPatch in Workflow submissions
kubectl apply -f - <<EOF
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: block-workflow-podspecpatch
spec:
  validationFailureAction: Enforce
  rules:
    - name: deny-podspecpatch
      match:
        resources:
          kinds:
            - Workflow
      validate:
        message: "podSpecPatch is not allowed in Workflow submissions"
        pattern:
          spec:
            # Kyverno negation anchor: the rule passes only when spec.podSpecPatch is absent.
            # As written it checks the Workflow-level field only, not keys nested under spec.templates.
            X(podSpecPatch): "null"
EOF
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.