Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vulncheck) · only source for this CVE.
CVSS VectorVendor: vulncheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.
AnalysisAI
SQL injection in Windmill workflow orchestration platform versions 1.276.0 through 1.603.2 enables authenticated attackers to escalate privileges to administrator and achieve remote code execution. The vulnerability exists in folder ownership management functionality where the owner parameter lacks input sanitization, allowing extraction of JWT signing secrets and administrative user identifiers to forge admin tokens. Publicly available exploit code exists (GitHub POC by Chocapikk), and EPSS risk assessment is critical given the low-complexity remote attack vector requiring only low-privilege authentication. Vendor-released patch: version 1.603.3.
Technical ContextAI
Windmill is a workflow orchestration platform (both Community Edition and Enterprise Edition) that uses folder-based resource organization with ownership management. The vulnerability stems from CWE-89 (SQL Injection) in the folder ownership handling mechanism where user-supplied input in the owner parameter is concatenated directly into SQL queries without parameterization or sanitization. The CVSS 4.0 vector indicates network accessibility with low attack complexity and low privilege requirements. The SQL injection permits arbitrary SELECT queries, enabling attackers to extract cryptographic secrets from the database including JWT signing keys used for session management and authentication. The platform's workflow execution endpoints, which normally require administrative privileges, become accessible once an attacker forges a valid administrative JWT using the exfiltrated signing secret. This transforms a database read vulnerability into a complete system compromise vector through the platform's code execution capabilities inherent to workflow orchestration.
RemediationAI
Upgrade immediately to Windmill version 1.603.3 or later, which contains the vendor-released patch addressing the SQL injection vulnerability via commit 942fb629210ebb287f48467d1535ffde3a3eeafe available at https://github.com/windmill-labs/windmill/commit/942fb629210ebb287f48467d1535ffde3a3eeafe. The fix implements proper parameterized queries for folder ownership operations. After upgrading, rotate all JWT signing secrets as they may have been exfiltrated through prior exploitation, regenerate administrative access tokens, and audit workflow execution logs for unauthorized administrative actions between the deployment date of version 1.276.0 and patch application. No effective workaround exists short of disabling folder ownership modification functionality for non-administrative users, which breaks core platform functionality. Detailed technical analysis and exploitation methodology are documented at https://www.vulncheck.com/advisories/windmill-file-ownership-handling-sqli-rce and https://chocapikk.com/posts/2026/windfall-nextcloud-flow-windmill-rce/.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19748
GHSA-34m2-qrpf-6v7q