CLEANSTART-2026-CV28298

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-CV28298.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-CV28298
Upstream
  • ghsa-2x5j-vhc8-9cwm
  • ghsa-c2hv-4pfj-mm2r
  • ghsa-cfpf-hrx2-8rv6
  • ghsa-p84v-gxvw-73pf
Published
2026-02-11T00:41:59.034081Z
Modified
2026-02-12T21:15:17.808540Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption
Details

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability details.

References

Affected packages

CleanStart / argo-workflows-fips

Package

Name
argo-workflows-fips

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.7.3-r0

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-CV28298.json"