CVE-2026-29059

HIGH LAB

Windmill <1.603.3 - Path Traversal

Title source: llm

Description

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/{filename})". The filename parameter is concatenated into a file path without sanitization, allowing an attacker to read arbitrary files on the server using ../ sequences. This issue has been patched in version 1.603.3.

Exploits (1)

nomisec WORKING POC 1 stars

by Chocapikk · poc

https://github.com/Chocapikk/Windfall

View Code ZIP pw:eip

References (3)

[Release Notes] https://github.com/windmill-labs/windmill/releases/tag/v1.603.3

[Vendor Advisory] https://github.com/windmill-labs/windmill/security/advisories/GHSA-24fr-44f8-fqwg

[Various Sources] https://github.com/Chocapikk/Windfall

Scores

CVSS v3 7.5

EPSS 0.0002

EPSS Percentile 5.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull nextcloud/all-in-one:latest

docker pull ghcr.io/windmill-labs/windmill:1.394.4

docker pull ghcr.io/windmill-labs/windmill:1.603.2

docker pull curlimages/curl:latest

https://github.com/Chocapikk/Windfall

View in Library

Details

CWE

CWE-22

Status published

Products (2)

windmill/windmill < 1.603.3

windmill-labs/windmill < 1.603.3

Published Mar 06, 2026

Tracked Since Mar 06, 2026