VDB
CVE-2026-23960
CVE-2026-23960
PUBLISHED
Argo Workflows affected by stored XSS in the artifact directory listing
EPSS 0.06% · 18.4th percentile
Risk Scores
EPSS Score
0.06%
18.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | argo-workflows | 0, 3.7.0 |
| Bitnami | argo-workflows | 0, 3.7.0, 0 |
Timeline
- Jan 21, 2026 CVE Published
- Jan 22, 2026 CVE Updated
- Jan 22, 2026 EPSS Score
- Jan 22, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 24, 2026 PoC Published
- Jan 25, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
- Jan 29, 2026 Security Advisory
References
- https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244 url
- https://github.com/argoproj/argo-workflows/commit/159a5c56285ecd4d3bb0a67aeef4507779a44e17 url
- https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17 url
- https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8 url
- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-cv78-6m8q-ph82 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-23960 url