Meln5674

**Name of the Vulnerable Software and Affected Versions** Argo Workflows version 3.6.0-rc1 **Description** Due to a race condition in a global variable, the Argo Workflows controller can be made to crash on-command by any user with access to execute a workflow. This issue can be exploited by creating and cleaning up multiple daemon pods in rapid succession, triggering a panic and restart of the controller. A malicious user with access to create workflows can continually submit workflows that do nothing except create and then clean up multiple daemon pods, resulting in a crash-loop that prevents other users' workflows from running. **Recommendations** For Argo Workflows version 3.6.0-rc1, update to version 3.6.0-rc2 to resolve the issue. As a temporary workaround, consider restricting access to execute workflows or limiting the creation of daemon pods to minimize the risk of exploitation.