Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2026/03/29 11:13 a.m.7 views

CVE-2026-33881

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS6AI score0.00378EPSS
Exploits1References1
euvd
euvd
added 2026/03/27 8:34 p.m.7 views

EUVD-2026-16820

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS6AI score0.00378EPSS
Exploits1References1
cvelist
cvelist
added 2026/03/27 8:34 p.m.23 views

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS0.00378EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/03/27 8:34 p.m.4 views

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS6AI score0.00378EPSS
Exploits1References1
osv
osv
added 2026/03/27 8:34 p.m.5 views

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS6.1AI score0.00378EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/03/27 12:0 a.m.11 views

PT-2026-28548

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.664.0 Description Windmill, a developer platform for internal code including APIs, background jobs, workflows, and UIs, is affected by a code injection issue. Workspace environment variable values are interpolated...

8.6CVSS6AI score0.00378EPSS
Exploits1References6
Rows per page
Query Builder