NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-42295

Summary	Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc.) in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. This issue has been patched in version 4.0.5.
Publication Date	May 9, 2026, 1:16 p.m.
Registration Date	May 10, 2026, 4:10 a.m.
Last Update	May 9, 2026, 1:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5	security-advisories@github.com
2	https://github.com/argoproj/argo-workflows/security/advisories/GHSA-7vf8-2cr6-54mf	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-522	認証情報の不十分な保護	https://cwe.mitre.org/data/definitions/522.html