CVE-2026-54526 | argoproj argo-workflows up to 3.7.14/4.0.5 ArtifactGC workflow/util/merge.go ValidateUserOverrides/SanitizeUserWorkflowSpec PodSpecPatch injection
A vulnerability classified as critical was found in argoproj argo-workflows up to 3.7.14/4.0.5. This vulnerability affects the function ValidateUserOverrides/SanitizeUserWorkflowSpec of the file workflow/util/merge.go of the component ArtifactGC. Executing a manipulation of the argument PodSpecPatch can lead to injection.
The identification of this vulnerability is CVE-2026-54526. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More