CVE-2026-23696

Windmill · CE and EE

Windmill CE and EE contain an SQL injection vulnerability in folder ownership management, allowing authenticated attackers to achieve remote code execution.

Executive summary

A critical SQL injection vulnerability in Windmill CE and EE allows authenticated attackers to escalate privileges and execute arbitrary code via forged administrative tokens.

Vulnerability

This is an SQL injection vulnerability within the folder ownership management functionality. Authenticated attackers can inject malicious SQL via the "owner" parameter to exfiltrate sensitive data, such as JWT signing secrets, and subsequently execute arbitrary code.

Business impact

The ability to extract JWT secrets and forge administrative tokens results in a complete compromise of the application's security posture. Given the CVSS score of 9.9, this vulnerability poses a catastrophic risk to data confidentiality and system integrity, potentially allowing full administrative control over the workflow execution environment.

Remediation

Immediate Action: Upgrade Windmill CE/EE to the latest available version that patches the folder ownership management SQL injection flaw.

Proactive Monitoring: Review application access logs for unusual SQL syntax patterns in the "owner" parameter and monitor for unauthorized administrative token generation.

Compensating Controls: Implement strict database input validation and ensure that database service accounts operate with the principle of least privilege to limit the impact of successful injections.

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability represents a critical security risk that enables full system takeover. Administrators should prioritize patching the affected Windmill installations immediately to prevent credential forgery and arbitrary code execution.