CVE-2026-23960 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-23960 Interim 1 1 2026-03-05T00:16:34Z current 2026-03-05T00:16:34Z 2026-03-05T00:16:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-23960 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user's browser under the Argo Server origin, enabling API actions with the victim's privileges. Versions 3.6.17 and 3.7.8 fix the issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-February/024084.html E-Mail link for SUSE-SU-2026:0403-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user's browser under the Argo Server origin, enabling API actions with the victim's privileges. Versions 3.6.17 and 3.7.8 fix the issue. CVE-2026-23960 important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N