Platform: nodejs
Component: windmill-labs/windmill
Fixed in: 1.603.3
CVE-2026-23696 is a critical vulnerability in Windmill CE and EE versions 1.276.0 through 1.603.2: an SQL injection in the folder ownership management functionality that any authenticated user can reach and escalate to remote code execution (RCE). Successful exploitation can expose sensitive data and lead to complete takeover of the instance. The vulnerability is fixed in version 1.603.3.
The impact is severe. The injection lets an authenticated attacker read data from the Windmill database, including the JWT signing secret used to authenticate administrative actions. With that secret the attacker can forge administrative tokens and bypass authentication entirely. Because Windmill's purpose is to execute user-supplied scripts and workflows, a forged admin token then yields arbitrary code execution through the normal workflow execution endpoints, and with it data exfiltration, data modification and denial of service. The pattern is the classic escalation path for SQL injection: a low-privileged read of secret material that is then used to gain administrative control.
CVE-2026-23696 was publicly disclosed on 2026-04-07. Its CVSS score of 9.9 indicates a high probability of exploitation. As of this writing no public proof-of-concept (PoC) code has been released, but SQL injection in an authenticated parameter is typically straightforward to reproduce once the affected code path is known, so a PoC is likely to emerge. The CVE is not currently listed in CISA KEV, and no active campaigns against Windmill instances are confirmed, but the severity warrants close monitoring.
Organizations running Windmill CE or EE versions 1.276.0 through 1.603.2 are at significant risk, particularly where Windmill drives critical automation workflows or processes sensitive data. Since exploitation only requires an authenticated account, instances with many users, self-service sign-up, or shared hosting where multiple tenants hold accounts on the same instance are especially exposed.
Detection checks:
• Version: the reliable check is the running version. Query the server's version endpoint (GET /api/version on the Windmill API) or inspect the deployed image tag; any version from 1.276.0 up to and including 1.603.2 is affected.
• Audit log: review folder creation and ownership-change events for owner values that are not a plain user or group path (Windmill's u/<user> or g/<group> form), in particular values containing quotes, SQL comment sequences (--, /*) or keywords such as SELECT.
• Database: list the current folder owners directly in the Windmill database and look for entries that are not well-formed owner paths; an injected expression that has already run leaves its result in the stored owner value.
Disclosure
Exploit status:
EPSS: 0.07% (20th percentile)
CISA SSVC:
CVSS vector:
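The detection checks above reduce to two mechanical tests: is the reported version inside the affected range, and do folder ownership events carry owner values that are not plain owner paths. The following is an added example, not code from the page or from the Windmill project. It assumes a hypothetical JSON-lines audit format with `operation` and `params.owner` fields (Windmill's real audit log layout is not shown on this page) and assumes owners take Windmill's `u/<user>` or `g/<group>` form; the sample log lines are constructed.

```python
import json
import re

# Affected range as stated in the advisory: 1.276.0 up to and including 1.603.2.
FIRST_AFFECTED = (1, 276, 0)
FIXED_IN = (1, 603, 3)

# Assumed owner shape (Windmill's u/<user> and g/<group> form).
OWNER_RE = re.compile(r"[ug]/[A-Za-z0-9_.-]+")
# Characters and keywords that have no place in an owner path.
SQL_MARKERS = re.compile(r"['\";]|--|/\*|\b(select|union|insert|update|delete|drop)\b", re.IGNORECASE)


def parse_version(text: str):
    """Extract MAJOR.MINOR.PATCH from strings such as '1.603.2' or 'CE v1.603.2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text: str) -> bool:
    """True when the version lies in [1.276.0, 1.603.3)."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIXED_IN


def suspicious_owner_changes(log_lines):
    """Return (user, folder, owner, reason) for folder-ownership events whose
    owner value is not a well-formed owner path. Unparseable lines are skipped."""
    findings = []
    for line in log_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("operation") not in {"folders.create", "folders.update"}:
            continue
        params = ev.get("params", {})
        owner = str(params.get("owner", ""))
        if OWNER_RE.fullmatch(owner):
            continue
        reason = "sql-metacharacters" if SQL_MARKERS.search(owner) else "malformed-owner"
        findings.append((ev.get("user"), params.get("folder"), owner, reason))
    return findings


# Constructed sample events in the hypothetical audit format described above.
SAMPLE_LOG = [json.dumps(e) for e in [
    {"ts": "2026-04-08T10:00:00Z", "user": "bob@example.com", "operation": "folders.update",
     "params": {"folder": "finance", "owner": "u/bob"}},
    {"ts": "2026-04-08T10:01:00Z", "user": "mallory@example.com", "operation": "folders.update",
     "params": {"folder": "finance",
                "owner": "' || (SELECT value FROM global_settings WHERE name = 'jwt_secret') || '"}},
    {"ts": "2026-04-08T10:02:00Z", "user": "carol@example.com", "operation": "folders.update",
     "params": {"folder": "ops", "owner": "carol"}},
    {"ts": "2026-04-08T10:03:00Z", "user": "bob@example.com", "operation": "scripts.run",
     "params": {"path": "f/finance/report"}},
]]


if __name__ == "__main__":
    for v in ("1.275.9", "1.276.0", "CE v1.603.2", "1.603.3"):
        print(v, "affected" if is_affected(v) else "not affected")
    for finding in suspicious_owner_changes(SAMPLE_LOG):
        print("FLAG", finding)
```

The version test is the one that matters for triage; the log scan is a triage aid for instances that were exposed while vulnerable, since a successful injection shows up as an owner value that is not an owner path at all.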
The primary mitigation for CVE-2026-23696 is to upgrade Windmill to version 1.603.3 or later immediately. If the upgrade cannot happen at once, reduce the attack surface in the meantime: restrict which accounts can create folders or change folder ownership, review and prune authenticated users, and put the instance behind a web application firewall (WAF) configured to block SQL injection patterns in the folder ownership requests. None of these is a complete fix; WAF signatures can be evaded and the injection remains reachable by any account that can manage folders. Monitor the Windmill audit log and database for folder ownership changes with unexpected owner values. After upgrading, verify the fix in a non-production copy of the instance by submitting a known SQL injection payload in the owner parameter and confirming it is rejected or stored inertly. Because the vulnerability allows reading the JWT signing secret, an instance that was exposed while vulnerable should have that secret rotated after the upgrade, since a previously leaked secret remains valid until it is changed.
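The impact description above says the injection lets an attacker read the JWT signing secret, and the mitigation refers to validating the owner parameter. The following added example, which is not code from the page or from the Windmill project, reproduces that scenario against a constructed in-memory SQLite schema (a `folder` table with an `owner` column and a `global_settings` table holding the secret; Windmill's real schema is not shown on the page). It contrasts the vulnerable string-spliced update with a parameterized one and a hardened one that also allowlists the owner format, which is assumed to be Windmill's `u/<user>` or `g/<group>` form.

```python
import re
import sqlite3

# Constructed secret standing in for the JWT signing secret the advisory mentions.
JWT_SECRET = "constructed-jwt-signing-secret-0123"

# Assumed owner format (Windmill's u/<user> and g/<group> naming).
OWNER_RE = re.compile(r"[ug]/[A-Za-z0-9_.-]+")

# Attacker-controlled "owner" value: closes the string literal, concatenates the
# secret from another table, and reopens the literal so the statement stays valid.
PAYLOAD = "' || (SELECT value FROM global_settings WHERE name = 'jwt_secret') || '"


def fresh_db() -> sqlite3.Connection:
    """In-memory database with one folder and the stored secret (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE folder (name TEXT PRIMARY KEY, owner TEXT NOT NULL);
        CREATE TABLE global_settings (name TEXT PRIMARY KEY, value TEXT NOT NULL);
        INSERT INTO folder VALUES ('finance', 'u/alice');
        """
    )
    conn.execute("INSERT INTO global_settings VALUES ('jwt_secret', ?)", (JWT_SECRET,))
    return conn


def get_owner(conn, folder):
    """The normal read path: the owner value is shown back to the caller."""
    row = conn.execute("SELECT owner FROM folder WHERE name = ?", (folder,)).fetchone()
    return row[0] if row else None


def set_owner_vulnerable(conn, folder, owner):
    """Vulnerable pattern: request input spliced into the SQL text."""
    conn.execute(f"UPDATE folder SET owner = '{owner}' WHERE name = '{folder}'")
    conn.commit()
    # Whatever the injected expression evaluated to is now the stored owner,
    # so reading the folder back leaks it to the attacker.
    return get_owner(conn, folder)


def set_owner_parameterized(conn, folder, owner):
    """Fix 1: bind the values; the payload is stored as an inert string."""
    conn.execute("UPDATE folder SET owner = ? WHERE name = ?", (owner, folder))
    conn.commit()
    return get_owner(conn, folder)


def set_owner_hardened(conn, folder, owner):
    """Fix 2: additionally reject anything that is not a well-formed owner path."""
    if not OWNER_RE.fullmatch(owner):
        raise ValueError(f"rejected owner value: {owner!r}")
    return set_owner_parameterized(conn, folder, owner)


def demo() -> dict:
    """Run the payload through all three code paths and summarise the outcome."""
    leaked = set_owner_vulnerable(fresh_db(), "finance", PAYLOAD)
    inert = set_owner_parameterized(fresh_db(), "finance", PAYLOAD)
    try:
        set_owner_hardened(fresh_db(), "finance", PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {"leaked": leaked == JWT_SECRET, "inert": inert == PAYLOAD, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Parameter binding alone closes the injection; the allowlist is defence in depth that also keeps garbage out of the ownership table and gives the audit log a clean signal when someone probes the parameter.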
Update Windmill to version 1.603.3 or later to fix the SQL injection vulnerability. The update corrects the flawed folder ownership management and prevents arbitrary code execution via the SQL injection in the folder ownership management functionality.
CVE-2026-23696 is a critical vulnerability in Windmill versions 1.276.0 through 1.603.2 that allows authenticated attackers to inject SQL through folder ownership management and escalate to remote code execution.
If you are running Windmill CE or EE at any version from 1.276.0 up to and including 1.603.2, you are vulnerable; 1.603.3 is the first fixed release.
Upgrade Windmill to version 1.603.3 or later to remediate the vulnerability. Implement temporary workarounds like input validation and access restrictions if immediate upgrade is not possible.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high probability of future exploitation.
Refer to the official Windmill security advisory for detailed information and updates: [https://windmill.systems/security](https://windmill.systems/security)