Description
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.
Scores
CVSS v3
9.9
EPSS
0.0007
EPSS Percentile
20.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Lab Environment
COMMUNITY
Community Lab
Details
CWE
CWE-89
Status
published
Products (7)
Nextcloud/Flow
1.0.0 - 1.2.2
Nextcloud/Flow
1.3.0
Nextcloud/Flow
1.3.1
Windmill Labs/Windmill CE (Community Edition)
1.276.0 - 1.603.2
Windmill Labs/Windmill CE (Community Edition)
1.603.3
Windmill Labs/Windmill EE (Enterprise Edition)
1.276.0 - 1.603.2
Windmill Labs/Windmill EE (Enterprise Edition)
1.603.3
Published
Apr 07, 2026
Tracked Since
Apr 07, 2026