CVE-2026-22683
- EPSS 0.68%
- Published 07.04.2026 16:50:30
- Last modified 24.04.2026 16:49:50
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and ...
CVE-2026-33881
- EPSS 0.38%
- Published 27.03.2026 20:34:32
- Last modified 08.04.2026 14:39:08
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor....
CVE-2026-29059
- EPSS 2.58%
- Published 06.03.2026 07:11:28
- Last modified 14.04.2026 17:48:25
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_...
CVE-2026-26964
- EPSS 0.27%
- Published 19.02.2026 23:57:30
- Last modified 14.04.2026 00:50:19
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administra...