CVE-2026-42183

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 2,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSO_DELEGATE_RBAC_TO_NAMESPACE=true. This issue has been patched in version 4.0.5.

476

NULL Pointer Dereference

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory

Applicable Platforms

Languages: C, C#, C++, Go, Java

Likelihood of Exploit: Medium

View CWE Details

https://github.com/argoproj/argo-workflows/commit/c4cc17d0c…

https://github.com/argoproj/argo-workflows/commit/c4cc17d0c034fa9a9cc01ef1af6c8…

https://github.com/argoproj/argo-workflows/releases/tag/v4.…

https://github.com/argoproj/argo-workflows/releases/tag/v4.0.5

https://github.com/argoproj/argo-workflows/security/advisor…

https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p4gq-3vxj-f…

CVE-2026-42183

Description

NULL Pointer Dereference

Common Consequences

Applicable Platforms

Iscriviti alla newsletter