Bug 2468445 (CVE-2026-42183)

Summary: CVE-2026-42183 github.com/argoproj/argo-workflows: Argo Workflows: Denial of Service via nil pointer dereference for SSO users
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jkoehler, lphiri
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in Argo Workflows. This flaw, a nil pointer dereference in the `rbacAuthorization()` function, affects Single Sign-On (SSO) users. When `SSO_DELEGATE_RBAC_TO_NAMESPACE` is enabled, an authenticated SSO user whose claims match a namespace-level Role-Based Access Control (RBAC) rule but not an SSO-namespace rule can trigger a system panic. This can lead to a Denial of Service (DoS) for the affected system.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-09 05:01:47 UTC
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSO_DELEGATE_RBAC_TO_NAMESPACE=true. This issue has been patched in version 4.0.5.