ByteOS Network

CVE Vulnerability Details :

CVE-2026-42295

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-09 May, 2026 | 03:48

Updated At-09 May, 2026 | 03:48

▼CVE Numbering Authority (CNA)

Argo Workflows: Exposure of artifact repository credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5.

Affected Products

Vendor

argoproj

Product

argo-workflows

Versions

Affected

>= 4.0.0, < 4.0.5

Problem Types

Type	CWE ID	Description
CWE	CWE-522	CWE-522: Insufficiently Protected Credentials

Type: CWE

CWE ID: CWE-522

Description: CWE-522: Insufficiently Protected Credentials

Metrics

Version	Base score	Base severity	Vector
4.0	8.5	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Version: 4.0

Base score: 8.5

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References

Hyperlink	Resource
https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf	x_refsource_CONFIRM
https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5	x_refsource_MISC

Hyperlink: https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References