LeakyCreds

CVE-2026-28229 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: March 11, 2026

Argo Workflows - Information Disclosure

Published: March 11, 2026 | Updated: March 11, 2026 | Remote Exploitable

Overview

Argo Workflows versions prior to 4.0.2 and 3.7.11 contain an information disclosure vulnerability caused by improper authorization in the Workflow templates endpoints. Unauthenticated attackers can retrieve sensitive template content, including embedded secrets. Exploitation requires no valid authorization token.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 4.1% (probability of exploitation in the next 30 days)

Impact

Unauthenticated attackers can access sensitive workflow templates and embedded secrets, leading to information disclosure.

Mitigation

Update to versions 4.0.2 or 3.7.11 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 11, 2026

CVE-2026-28229 - Critical (9.8) Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates).... https://www.thehackerwire.com/vulnerability/CVE-2026-28229/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-28229
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: new
EPSS: 4.1%
Social Posts: 1

CWE

  • CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1% (probability of exploitation in the next 30 days)