11 matches found

ATTACKERKB
added 2026/05/19 4:42 p.m., 5 views

CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

9.6 CVSS, 6 AI score, 0.00018 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/05/19 12:0 a.m., 4 views

Windmill Security Vulnerability

Windmill is an open-source low-code development platform from Windmill Labs, Inc. Versions of Windmill prior to 1.703.2 contain security vulnerabilities. These vulnerabilities stem from the bind-mounting of directories under /etc in the nsjail sandbox configuration file without any...

8.6 CVSS, 5.9 AI score, 0.00018 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/05/19 12:0 a.m., 6 views

PT-2026-41986

Name of the Vulnerable Software and Affected Versions: Windmill versions prior to 1.703.2
Description: Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

9.6 CVSS, 5.9 AI score, 0.00018 EPSS
Exploits: 0, References: 9

Circl
added 2026/04/07 7:33 p.m., 0 views

CVE-2026-22683

creationtimestamp | type | source
---|---|---
2026-04-07 19:33:24+00:00 | seen | Telegram/UR5TCX5vufcj9skQtsOGmPNpHO32u3eWlC-vhPXaaDs7Lc
2026-04-07 19:33:43+00:00 | seen | Telegram/7stdzVfIjMVb7tvEQLoql-CFRLg5JIYu0eUqsXCfmQ30DI4
2026-04-08 12:27:23+00:00 | seen | ...

8.8 CVSS, 7.6 AI score, 0.00402 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/04/07 4:50 p.m., 15 views

CVE-2026-22683 Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE

Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities,...

8.8 CVSS, 0.00402 EPSS
Exploits: 0, References: 6

Cvelist
added 2026/03/27 8:34 p.m., 17 views

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6 CVSS, 0.00077 EPSS
Exploits: 1, References: 1

CNNVD
added 2026/03/06 12:0 a.m., 3 views

WindMill Path Traversal Vulnerability

WindMill is a free open-source tool developed by the individual developer Lukasavicus. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contain a path traversal vulnerability. This vulnerability stems from the filename parameter in the getlogfile...

7.5 CVSS, 7.5 AI score, 0.0002 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-2794

Malicious code in bioql PyPI...

6.3 CVSS, 4.6 AI score, 0.00265 EPSS
Exploits: 0, References: 8

Veracode
added 2024/09/09 4:58 a.m., 8 views

Remote Authentication Rate Limiting Bypass

github.com/windmill-labs/windmill is vulnerable to Remote Authentication Rate Limiting Bypass. The vulnerability is due to improper handling of authentication attempts: the application fails to restrict excessive attempts, allowing an attacker to make excessive authentication attempts remotely, with a...

6.3 CVSS, 6.9 AI score, 0.00265 EPSS
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2024/09/05 1:0 p.m., 81 views

CVE-2024-8462

Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...

6.3 CVSS, 4.2 AI score, 0.00265 EPSS
Exploits: 0, References: 5

CNNVD
added 2022/07/11 12:0 a.m., 2 views

WindMill Path Traversal Vulnerability

WindMill is a free open source tool from the individual developers at Lukasavicus. It is used to control job execution in Python. A security vulnerability exists in WindMill version 1.0 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute...

9.3 CVSS, 8.4 AI score, 0.00432 EPSS
Exploits: 1, References: 2