CVE-2026-23960: Argo Workflows affected by stored XSS in the artifact directory listing
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges. Versions 3.6.17 and 3.7.8 fix the issue.
Security readout for executives and security teams
Plain-English summary
Argo Workflows has a stored cross-site scripting flaw in artifact directory listings. A workflow author could cause another Argo Server user’s browser to run attacker-controlled JavaScript, potentially making API actions as that user. Fixed versions are 3.6.17 and 3.7.8.
Executive priority
Prioritize remediation for shared or production Argo Workflows deployments. This is not reported as actively exploited in the provided sources, but it can cross privilege boundaries inside Argo Server when users with different roles interact with workflow artifacts.
Technical view
CVE-2026-23960 is CWE-79 stored XSS in Argo Workflows artifact directory listing. The issue affects versions before 3.6.17 and 3.7.0 through before 3.7.8. The CVSS 4.0 score is 7.3, with low privileges required and user interaction required.
Likely exposure
Organizations running Argo Workflows on Kubernetes are exposed if Argo Server uses affected versions, especially shared deployments where workflow authors and artifact viewers have different privilege levels. The main risk is authenticated, lower-privileged authors influencing higher-privileged users’ browser sessions.
Exploitation context
The source bundle does not show CISA KEV listing or confirmed active exploitation. Exploitation requires a workflow author and a victim user viewing the affected artifact directory listing. The impact may include API actions under the victim’s Argo Server privileges.
Researcher notes
Focus validation on artifact directory listing rendering, version state, and trust boundaries between workflow authors and artifact viewers. Avoid assuming unauthenticated exposure: the CVSS vector includes PR:L and UI:A. The public sources identify fixed versions but do not provide broader workaround details.
Mitigation direction
Upgrade Argo Workflows to 3.6.17 or 3.7.8 as applicable.
Check the GitHub advisory and release notes for vendor guidance.
Limit workflow author permissions to trusted users until upgraded.
Restrict Argo Server access where mixed-trust users share the same deployment.
Review RBAC so browser-session misuse has limited operational impact.
Validation and detection
Inventory all Argo Workflows deployments and record exact versions.
Confirm no deployment is below 3.6.17 or in 3.7.0 through 3.7.7.
Identify users allowed to create workflows in each environment.
Identify users who can browse artifact directory listings.
Review Argo Server authentication and authorization boundaries.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-79: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The affected technology mentions containers, so container-specific ATT&CK technique review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
5Timeline events
2ADP providers
9Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-79 · source CWE mapping
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.