What is CVE-2026-33881 — Code Injection in Windmill?

CVE-2026-33881 is a code injection vulnerability in Windmill versions up to 1.664.0. It allows attackers to inject JavaScript by manipulating workspace environment variables.

Am I affected by CVE-2026-33881 in Windmill?

You are affected if you are using Windmill version 1.664.0 or earlier. Upgrade to 1.664.0 to mitigate the risk.

How do I fix CVE-2026-33881 in Windmill?

Upgrade Windmill to version 1.664.0 or later. Restrict workspace administrator privileges as a temporary workaround.

Is CVE-2026-33881 being actively exploited?

There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants caution.

Where can I find the official Windmill advisory for CVE-2026-33881?

Refer to the Windmill project's official release notes and security advisories for details: [https://windmill.systems/](https://windmill.systems/)

CVE-2026-33881 — Vulnerability Details

NEXTGUARD

Escanear gratis

CVE-2026-33881 — Vulnerability Details | NextGuard

Pasos de Deteccióntraduciendo…

• rust / platform: Examine workspace environment variables for suspicious characters or code.

find . -name '*.env' -print0 | xargs -0 grep -E "['].*['"

• rust / platform: Monitor NativeTS script execution logs for unexpected JavaScript code or errors. • generic web: Inspect Windmill workspace configurations for unusual environment variable settings. • generic web: Review Windmill access logs for attempts to manipulate environment variables.

Windmill: Administradores de espacio de trabajo maliciosos pueden inyectar código a través de la interpolación sin escape de variables de entorno del espacio de trabajo en el ejecutor NativeTS

Impacto y Escenarios de Ataquetraduciendo…

Contexto de Explotacióntraduciendo…

Quién Está en Riesgotraduciendo…

Pasos de Deteccióntraduciendo…

Cronología del Ataque

Inteligencia de Amenazas

Software Afectado

Clasificación de Debilidad (CWE)

Cronología

Mitigación y Workaroundstraduciendo…

Cómo corregirlo

Boletín de seguridad CVE

Preguntas frecuentestraduciendo…

What is CVE-2026-33881 — Code Injection in Windmill?

Am I affected by CVE-2026-33881 in Windmill?

How do I fix CVE-2026-33881 in Windmill?

Is CVE-2026-33881 being actively exploited?

Where can I find the official Windmill advisory for CVE-2026-33881?

¿Tu proyecto está afectado?

Detecta esta CVE en tu proyecto