CVE-2026-47107
Windmill · Windmill
Windmill contains a sandbox escape vulnerability due to incorrect default permissions in nsjail configurations, allowing authenticated users to modify critical system files.
Executive summary
A critical sandbox escape vulnerability in Windmill allows authenticated users to escalate privileges and perform man-in-the-middle attacks across tenant workspaces.
Vulnerability
Incorrect permissions on /etc bind-mounts allow authenticated users to modify sensitive configuration files, leading to persistent sandbox poisoning and potential cross-tenant access.
Business impact
The CVSS score of 9.6 highlights the severe impact on isolation and multi-tenancy security. An attacker could intercept administrative tokens (WM_TOKEN), effectively gaining workspace-admin privileges and compromising the security of all tenants hosted on the affected infrastructure, resulting in widespread data exfiltration.
Remediation
Immediate Action: Update Windmill to version 1.703.2 or later to correct the nsjail sandbox mount permissions.
Proactive Monitoring: Audit logs for unauthorized modifications to system configuration files within the container environment and monitor for suspicious JWT token usage.
Compensating Controls: Ensure that script execution environments are strictly isolated at the container orchestration layer if immediate patching is not feasible.
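One way to check nsjail configuration files for the condition described under Vulnerability, as an added example that is not Windmill's own code: it parses the mount blocks and reports bind mounts at or under /etc that are marked read-write. The sample config is constructed, and treating `rw: true` on an `is_bind` mount as the risky setting is an assumption drawn from nsjail's config format, since the page does not show the affected file.

```python
import posixpath
import re

# Constructed sample in nsjail's protobuf text format; NOT Windmill's shipped config.
SAMPLE_CFG = """
name: "constructed example jail"
mount {
    src: "/etc"
    dst: "/etc"
    is_bind: true
    rw: true
}
mount { src: "/etc/resolv.conf" dst: "/etc/resolv.conf" is_bind: true rw: false }
mount { src: "/usr" dst: "/usr" is_bind: true }
mount { dst: "/tmp" fstype: "tmpfs" rw: true }
"""

MOUNT_RE = re.compile(r"\bmount\s*\{([^{}]*)\}")
FIELD_RE = re.compile(r'(\w+)\s*:\s*(?:"([^"]*)"|(\S+))')
TRUE_VALUES = {"true", "t", "1"}  # boolean spellings accepted by protobuf text format


def parse_mounts(cfg_text):
    """Return every mount block as a dict of its scalar fields."""
    text = re.sub(r"(?m)^\s*#.*$", "", cfg_text)  # drop whole-line comments
    mounts = []
    for body in MOUNT_RE.findall(text):
        mounts.append({k: (q or bare) for k, q, bare in FIELD_RE.findall(body)})
    return mounts


def is_true(mount, key):
    # nsjail treats an absent is_bind or rw as false, so a bind mount without rw is read-only.
    return mount.get(key, "false").lower() in TRUE_VALUES


def writable_etc_bind_mounts(cfg_text):
    """List destinations at or under /etc that are bind-mounted read-write."""
    findings = []
    for mount in parse_mounts(cfg_text):
        dst = posixpath.normpath(mount.get("dst", ""))
        if (dst == "/etc" or dst.startswith("/etc/")) and is_true(mount, "is_bind") and is_true(mount, "rw"):
            findings.append(dst)
    return findings


if __name__ == "__main__":
    for dst in writable_etc_bind_mounts(SAMPLE_CFG):
        print(f"writable bind mount inside /etc: {dst}")
```

An empty result on every config a worker loads is the expected state; tmpfs mounts and read-only binds are deliberately not reported.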
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability undermines the fundamental security of the Windmill platform's multi-tenant architecture. Administrators must prioritize updating to the latest version to prevent cross-tenant compromise and maintain the integrity of their sandbox environments.