CRITICALCVE-2026-23696Published 2026-04-07Modified 2026-05-25CNA VulnCheck

CVE-2026-23696: Windmill < 1.603.3 File Ownership Handling SQLi RCE

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: 1.603.3
Affected Products: 2

Fix available

1.603.3

Patch commits

github.com

Affected packages

Windmill Labs / Windmill CE (Community Edition)
≤ 1.603.2
Fixed in 1.603.3
Windmill Labs / Windmill EE (Enterprise Edition)
≤ 1.603.2
Fixed in 1.603.3

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

References

chocapikk.com
github.com
github.com
github.com
windmill.dev
apps.nextcloud.com
vulncheck.com

Metrics

Fix available