CVE-2026-42295
mediumCVSS v3 Base Score
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 87% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow executor logs all artifact repository credentials, such as S3 (Simple Storage Service) access keys, GCS (Google Cloud Storage) service account keys, Azure account keys, and Git passwords, in plaintext during artifact operations. This allows any user with read access to workflow pod logs to extract these sensitive credentials, leading to information disclosure.
CWE
CWE-256Affected Products
Red Hat OpenShift AI (RHOAI)