CVE-2026-23696
Windmill < 1.603.3 File Ownership Handling SQLi RCE
Vexday Risk Score: 48 (Attention)
SSVC decision (CISA): Attend
PoC available → monitor closely
CVSS 9.4 · EPSS 5.1% · KEV: no · Public PoC: available · Nuclei: — · Metasploit: — · Patch: referenced
Lifecycle
07 Apr 2026: Published in NVD
Recommendation: Plan remediation soon; a public PoC already exists.
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Windmill Labs · Windmill CE (Community Edition)
Windmill Labs · Windmill EE (Enterprise Edition)
Public PoCs found: 2
chocapikk.com/posts/2026/windfall-nextcloud-flow-windmill-rce/ (unverified)
github.com/Chocapikk/Windfall (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://apps.nextcloud.com/apps/flow/releases
https://chocapikk.com/posts/2026/windfall-nextcloud-flow-windmill-rce/
https://github.com/Chocapikk/Windfall
https://github.com/windmill-labs/windmill/commit/942fb629210ebb287f48467d1535ffde3a3eeafe
https://github.com/windmill-labs/windmill/releases/tag/v1.603.3
https://www.vulncheck.com/advisories/windmill-file-ownership-handling-sqli-rce
https://www.windmill.dev/