CVE-2026-23696

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.9 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.

Vulnerability Details

Published Date

April 07, 2026

Last Modified

April 08, 2026

CWE ID

CWE-89

Source

NVD

Vendor

Windmill Labs, Nextcloud

Product

Windmill CE (Community Edition), Windmill EE (Enterprise Edition), Flow

External References

https://apps.nextcloud.com/apps/flow/releases
https://chocapikk.com/posts/2026/windfall-nextcloud-flow-windmill-rce/
https://github.com/Chocapikk/Windfall
https://github.com/windmill-labs/windmill/commit/942fb629210ebb287f48467d1535ffde3a3eeafe
https://github.com/windmill-labs/windmill/releases/tag/v1.603.3
https://www.vulncheck.com/advisories/windmill-file-ownership-handling-sqli-rce
https://www.windmill.dev/

CVE-2026-23696

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment