CVE-2026-23960: Stored XSS in Argo Workflows Enables Browser-Based Privilege Abuse

Vulnerability Overview

CVE ID: CVE-2026-23960
Product: Argo Workflows
Vulnerability Type: Stored Cross-Site Scripting (Stored XSS)
Impact Category: Privilege Abuse / Session Abuse
CVSS Score: 7.3 (High)
Severity: High
Attack Vector: Remote (Web UI)
Authentication Required: Yes (Low privilege – workflow author)
User Interaction: Required
Exploit Maturity: Proof-of-concept possible (educational use only)
Official Fix Available: Yes


High-Level Summary

A stored cross-site scripting vulnerability was identified in Argo Workflows: artifact directory entries were rendered in the web interface without sufficient output encoding. When a malicious payload was stored as part of an artifact's name or metadata, it executed in the browser of any user who later viewed the artifact listing page.

Because the payload ran under the Argo Server web origin, it could call authenticated API endpoints using the victim's active browser session. This produced a privilege abuse scenario: a low-privileged workflow author could indirectly perform actions with the permissions of whoever viewed the listing, including higher-privileged users.


Technical Details

The vulnerability existed in the way artifact directory listings were processed and displayed in the Argo Server web UI. Artifact names and directory entries originating from workflow execution outputs were not consistently sanitized or escaped before being rendered as HTML.

As a result:

  • Arbitrary HTML and JavaScript could be stored persistently.
  • Stored content was rendered for every subsequent viewer.
  • Script execution occurred automatically upon page load.

The flaw was not a browser defect. It was missing output encoding at the point where Argo Server rendered the directory listing into HTML, so any markup in an entry name became markup in the page.
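The following is an added illustration, not code from the Argo Workflows project. It puts the defect class described above (an entry name spliced into a directory listing by string formatting) beside the fix the advisory describes (context-aware output encoding, here via Go's html/template). The entry names and the listing markup are constructed for the example; the real Argo Server handler and template look different.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// Constructed artifact entry names: one benign, one carrying the kind of HTML
// payload the advisory describes inside an artifact or file name.
var sampleEntries = []string{
	"results.csv",
	`<img src=x onerror="fetch('/api/v1/workflows')">`,
}

// renderListingUnsafe mirrors the defect class: the entry name is spliced into
// the HTML by string formatting, so markup inside the name becomes markup in
// the page. This is the deliberately unescaped "before" pattern.
func renderListingUnsafe(entries []string) string {
	var b strings.Builder
	b.WriteString("<ul>\n")
	for _, e := range entries {
		fmt.Fprintf(&b, "<li><a href=\"%s\">%s</a></li>\n", e, e)
	}
	b.WriteString("</ul>\n")
	return b.String()
}

// listingTmpl is the fixed pattern: html/template escapes each value for the
// context it lands in (HTML text for the link label, URL-then-attribute
// encoding inside href), so the same payload is displayed, never executed.
var listingTmpl = template.Must(template.New("listing").Parse(
	"<ul>\n{{range .}}<li><a href=\"{{.}}\">{{.}}</a></li>\n{{end}}</ul>\n"))

func renderListingSafe(entries []string) (string, error) {
	var b strings.Builder
	if err := listingTmpl.Execute(&b, entries); err != nil {
		return "", err
	}
	return b.String(), nil
}

// containsRawPayload is a crude check for the output: does the rendered HTML
// still contain an unescaped tag open or an intact event-handler attribute?
func containsRawPayload(rendered string) bool {
	return strings.Contains(rendered, "<img") || strings.Contains(rendered, `onerror="`)
}

func main() {
	fmt.Print("unsafe:\n", renderListingUnsafe(sampleEntries))
	safe, err := renderListingSafe(sampleEntries)
	if err != nil {
		panic(err)
	}
	fmt.Print("safe:\n", safe)
}
```

Running it prints the payload intact in the unsafe listing and as `&lt;img ...` (label) and `%3cimg...` (href) in the safe one. The point is that the escaping is chosen by the template engine per context; a single blanket HTML-escape applied to the name would still leave the href attribute context unhandled.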


Attack Scenario

  1. A user with permission to create or submit workflows authored a workflow that produced an artifact with a malicious name or metadata.
  2. The artifact metadata contained embedded JavaScript or HTML event handlers.
  3. The artifact was stored by Argo Workflows without sanitization.
  4. Another authenticated user accessed the Argo web UI and navigated to the artifact directory view.
  5. The malicious content was rendered directly in the browser.
  6. The script executed with the victim’s session context.
  7. Argo Server APIs became accessible to the script using the victim’s permissions.

Privilege Abuse Explanation

Although the attacker started with low privileges, the stored XSS allowed execution of JavaScript within the trusted application origin. This enabled:

  • Invocation of internal API endpoints
  • Reading of workflow data visible to the victim
  • Triggering workflow actions such as terminate, retry, or resubmit
  • Potential session token exposure, depending on how the token is stored in the browser (a cookie readable by script versus one marked HttpOnly)

This transformed a client-side issue into a privilege abuse vector.


Educational Proof-of-Concept (PoC)

For educational and defensive testing purposes only

Typical payloads used to demonstrate impact included:

<script>alert('XSS')</script>

More realistic payloads observed during testing included API interaction logic such as:

<img src=x onerror="fetch('/api/v1/workflows').then(r=>r.text()).then(d=>console.log(d))">

URL-encoded payloads were also effective, provided the value was decoded before being rendered, and they are harder to catch with a naive substring search for "<script":

%3Cscript%3Ealert(document.domain)%3C/script%3E

No weaponized exploit was required. The vulnerability relied entirely on stored content and normal user interaction.


MITRE Classification

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • ATT&CK (Contextual Mapping):
    • T1203 Exploitation for Client Execution
    • T1189 Drive-by Compromise
    • T1059.007 Command and Scripting Interpreter: JavaScript

These mappings help SOC teams align detection and response activities.


Detection Strategy

What Should Be Detected

  • Artifact metadata containing HTML or JavaScript tokens
  • Suspicious artifact names with encoded script elements
  • UI-initiated API calls immediately after artifact page access
  • Repeated artifact views followed by sensitive workflow actions

Log Sources to Monitor

  • Argo Server access logs
  • Ingress controller / reverse proxy logs
  • Web Application Firewall logs
  • Kubernetes audit logs
  • Browser CSP violation reports (if enabled)
  • Central SIEM aggregation

Splunk Detection Rules

Rule 1: Suspicious Script Content in Artifact Metadata

index=argo_logs
| search "<script" OR "onerror=" OR "javascript:" OR "%3Cscript%3E"
| stats count by user, src_ip, uri, _time
| sort -count

Rule 2: Encoded XSS Payload Detection

index=argo_logs
| regex _raw="(?i)(%3C|<)\s*(script|img|svg)"
| stats count by src_ip, user, uri

Rule 3: Artifact View Followed by Privileged API Calls

index=argo_logs
| transaction user maxspan=2m
  startswith=(uri="/artifacts/*")
  endswith=(uri="/api/v1/workflows*")
| stats count by user, src_ip

The Argo UI calls /api/v1 routinely while a user browses, so treat this rule as a correlation aid to narrow the window for review rather than a standalone alert.

Rule 4: Multiple Users Accessing Same Artifact

index=argo_logs uri="/artifacts/*"
| stats dc(user) as user_count values(user) as users by uri
| where user_count > 3

This may indicate a stored payload affecting multiple users.
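The program below is an added example, not part of the original post or of any Argo Workflows component. It runs the logic behind Rules 1 to 3 over a constructed access log: it percent-decodes each request path before looking for script markers (so a "%3Cscript" or even double-encoded payload is caught without a separate encoded-token rule), and it flags an artifact view followed by an /api/v1/ call from the same user within a window. The "key=value" log format, the user/src fields, and the artifact route prefixes are assumptions for the example; map your own proxy or Argo Server log fields onto them.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
	"time"
)

// AccessEntry is one parsed access-log record. The key=value line format is
// constructed for this example; adapt the parser to your real log source.
type AccessEntry struct {
	Time   time.Time
	User   string
	SrcIP  string
	Method string
	URI    string
}

// Finding is one alert produced by Analyze.
type Finding struct {
	Rule, User, Detail string
}

// sampleLog is constructed: alice views a listing, a request with a
// URL-encoded payload in the path follows, then an API call within seconds;
// bob's activity is benign.
const sampleLog = `2026-03-01T10:00:00Z user=alice src=10.0.0.5 method=GET uri=/workflows/ci
2026-03-01T10:00:05Z user=alice src=10.0.0.5 method=GET uri=/artifacts/ci/build-1/step/output
2026-03-01T10:00:06Z user=alice src=10.0.0.5 method=GET uri=/artifacts/ci/build-1/step/output/%3Cimg%20src=x%20onerror=%22fetch('/api/v1/workflows')%22%3E
2026-03-01T10:00:07Z user=alice src=10.0.0.5 method=GET uri=/api/v1/workflows
2026-03-01T10:05:00Z user=bob src=10.0.0.9 method=GET uri=/workflows/ci
2026-03-01T10:20:00Z user=bob src=10.0.0.9 method=GET uri=/api/v1/workflows`

var lineRe = regexp.MustCompile(`^(\S+) user=(\S+) src=(\S+) method=(\S+) uri=(\S+)$`)

// ParseLog turns the constructed format into entries and rejects anything else.
func ParseLog(raw string) ([]AccessEntry, error) {
	var out []AccessEntry
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		m := lineRe.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			return nil, fmt.Errorf("unparsable line: %q", line)
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			return nil, err
		}
		out = append(out, AccessEntry{Time: ts, User: m[2], SrcIP: m[3], Method: m[4], URI: m[5]})
	}
	return out, nil
}

// payloadMarkers covers the tokens from Rules 1 and 2: tag opens, any on*=
// event handler, and javascript: URLs, case-insensitively.
var payloadMarkers = regexp.MustCompile(`(?i)<\s*(script|img|svg|iframe)\b|\bon[a-z]+\s*=|javascript:`)

// HasScriptPayload percent-decodes the path (up to three rounds, so double
// encoding does not hide a payload) before matching.
func HasScriptPayload(rawURI string) bool {
	decoded := rawURI
	for i := 0; i < 3; i++ {
		d, err := url.PathUnescape(decoded)
		if err != nil || d == decoded {
			break
		}
		decoded = d
	}
	return payloadMarkers.MatchString(decoded)
}

// isArtifactView assumes listing routes live under these prefixes (an
// assumption for this example; check the paths your Argo Server exposes).
func isArtifactView(uri string) bool {
	return strings.HasPrefix(uri, "/artifacts/") || strings.HasPrefix(uri, "/artifact-files/")
}

// Analyze applies two checks: payload markers in any request path, and an
// artifact view followed by an /api/v1/ call from the same user within window
// (the sequence behind Rule 3). One sequence alert fires per artifact view.
func Analyze(entries []AccessEntry, window time.Duration) []Finding {
	var findings []Finding
	lastView := map[string]time.Time{}
	for _, e := range entries {
		if HasScriptPayload(e.URI) {
			findings = append(findings, Finding{"script-in-uri", e.User, e.URI})
		}
		switch {
		case isArtifactView(e.URI):
			lastView[e.User] = e.Time
		case strings.HasPrefix(e.URI, "/api/v1/"):
			if t, ok := lastView[e.User]; ok && e.Time.Sub(t) <= window {
				findings = append(findings, Finding{"artifact-then-api", e.User,
					fmt.Sprintf("%s %s after artifact view at %s", e.Method, e.URI, t.Format(time.RFC3339))})
				delete(lastView, e.User)
			}
		}
	}
	return findings
}

func main() {
	entries, err := ParseLog(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, f := range Analyze(entries, 2*time.Minute) {
		fmt.Printf("[%s] user=%s %s\n", f.Rule, f.User, f.Detail)
	}
}
```

On the sample it reports two findings for alice and none for bob. The decode-before-match step is the part worth carrying into a SIEM rule: it collapses the raw and encoded variants into one check. The sequence check inherits the same noise problem as Rule 3, since the UI itself calls /api/v1 while a page is open, so keep the window short and use it to prioritise review rather than to page someone.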


Risk and Business Impact

If exploited, the vulnerability could lead to:

  • Unauthorized workflow manipulation
  • Exposure of sensitive pipeline data
  • Abuse of administrative privileges
  • Loss of trust in CI/CD orchestration integrity

Because Argo Workflows is often used in production CI/CD environments, the blast radius could be significant.


Remediation and Patch Information

The vulnerability was fully fixed by applying proper output encoding in the Argo Server UI.

Upgrade immediately to one of the following official versions:

  • Argo Workflows v3.6.17
  • Argo Workflows v3.7.8

Official upgrade / release links:

No configuration-only workaround fully mitigates this issue.


Temporary Risk Reduction

  • Restrict workflow author permissions
  • Limit access to Argo UI via network controls
  • Enable Content Security Policy (CSP) without inline scripts
  • Apply WAF rules to block HTML/script content in artifact metadata
  • Increase logging and alerting around artifact access

These measures reduce exposure but do not eliminate risk.


Final Takeaway

CVE-2026-23960 represented a classic stored XSS vulnerability with modern impact due to API-driven web applications. While technically simple, the ability to chain it into privilege abuse made it high risk. Immediate patching and log review were required to ensure no prior exploitation occurred.


Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.