Windmill Labs Windmill Ce vulnerabilities
2 known vulnerabilities affecting windmill_labs/windmill_ce.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-23696P2CRITICALCVSS 9.9≥ 1.276.0, ≤ 1.603.22026-04-07
CVE-2026-23696 [CRITICAL] CWE-89 CVE-2026-23696: Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the fo
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge
nvd
CVE-2026-22683P2HIGHCVSS 8.8≥ 1.56.0, ≤ 1.614.02026-04-07
CVE-2026-22683 [HIGH] CWE-862 CVE-2026-22683: Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows u
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or modify entities, the API does not enforce the Operator restriction on wor
nvd