CVE-2026-42294: Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
Severity: Medium
Component: Webhook Interceptor (server/auth/webhook)
Vulnerability Type: Denial of Service (DoS)
References
- github.com/advisories/GHSA-jcc8-g2q4-9fxq
- github.com/argoproj/argo-workflows
- github.com/argoproj/argo-workflows/commit/7abb4de6c3599e2d5d960ba4d5de4cf1df109965
- github.com/argoproj/argo-workflows/releases/tag/v4.0.5
- github.com/argoproj/argo-workflows/security/advisories/GHSA-jcc8-g2q4-9fxq
- nvd.nist.gov/vuln/detail/CVE-2026-42294