CNNVD-202601-3334 Information

CNNVD ID

CNNVD-202601-3334

CVE-2026-23960

  • CNNVD Published: 2026-01-21

Description

Argo Workflows is an open-source, container-native workflow engine for Kubernetes from the Argo project. Argo Workflows versions before 3.6.17 and before 3.7.8 contain a cross-site scripting vulnerability, which stems from stored cross-site scripting in the artifact directory listing and may lead to arbitrary JavaScript execution.

Hazard Level

Medium

Vulnerability Type

Cross-site scripting

Affected Vendor

Argo

Published

2026-01-21

Last Modified

2026-02-24

References

  • https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244
  • https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17
  • https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17
  • https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8
  • https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82

Patch

https://github.com/argoproj/argo-workflows/releases
