GO-2026-5072
- Source
- https://pkg.go.dev/vuln/GO-2026-5072
- Import Source
- https://vuln.go.dev/ID/GO-2026-5072.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2026-5072
- Aliases
-
- BIT-argo-workflows-2026-42296
- CVE-2026-42296
- GHSA-3775-99mw-8rp4
- Published
- 2026-06-25T18:26:48Z
- Modified
- 2026-06-25T18:56:36.204961970Z
- Summary
- Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows
- Details
-
Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure in github.com/argoproj/argo-workflows
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2026-5072", "review_status": "UNREVIEWED" }- References
-
- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3775-99mw-8rp4
- https://nvd.nist.gov/vuln/detail/CVE-2026-42296
- https://github.com/argoproj/argo-workflows/commit/2727f3f701677d467dfb5e053c57237cbc752c3c
- https://github.com/argoproj/argo-workflows/commit/534f4ff1cbd86908e8ff76d97d553ad5a49a950d
- https://github.com/argoproj/argo-workflows/releases/tag/v3.7.14
- https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5
- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-3wf5-g532-rcrr
Affected packages
Go
github.com/argoproj/argo-workflows
Package
- Name
- github.com/argoproj/argo-workflows
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/argoproj/argo-workflows
github.com/argoproj/argo-workflows/v2
Package
- Name
- github.com/argoproj/argo-workflows/v2
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/argoproj/argo-workflows/v2
github.com/argoproj/argo-workflows/v3
Package
- Name
- github.com/argoproj/argo-workflows/v3
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/argoproj/argo-workflows/v3
github.com/argoproj/argo-workflows/v4
Package
- Name
- github.com/argoproj/argo-workflows/v4
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/argoproj/argo-workflows/v4