CVE-2026-23696
SQL Injection in Windmill Folder Ownership Enables Remote Code Execution
Publication date: 2026-04-07
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| windmill | windmill | From 1.276.0 (inc) to 1.603.2 (inc) |
| windmill | windmill | From 1.56.0 (inc) to 1.614.0 (inc) |
| nextcloud | flow | From 1.2.0 (inc) to 34.0.0 (exc) |
| windmill | community_edition | From 1.276.0 (inc) to 1.603.2 (inc) |
| windmill | enterprise_edition | From 1.276.0 (inc) to 1.603.2 (inc) |
| nextcloud | flow | From 1.0.0 (inc) to 1.2.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23696 is a critical authenticated SQL injection vulnerability in Windmill, an open-source workflow automation platform, affecting versions 1.276.0 through 1.603.2. The flaw exists in the folder ownership management functionality, specifically through the "owner" parameter, which allows authenticated attackers to inject malicious SQL commands.
Exploiting this vulnerability enables attackers to read sensitive data such as the JWT signing secret and administrative user identifiers. With this information, they can forge administrative tokens, escalate privileges from an operator role to super admin, and execute arbitrary code remotely via workflow execution endpoints, potentially achieving root-level remote code execution within the container.
The vulnerability arises from improper input validation and insufficient access controls in the backend API, allowing manipulation of PostgreSQL queries. It is part of a complex attack chain involving privilege escalation, credential leaks, and remote code execution, affecting both standalone Windmill deployments and Nextcloud Flow integrations.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to sensitive information, such as JWT signing secrets and administrative user identifiers, which compromises the security of authentication tokens.
Attackers can escalate their privileges from an authenticated operator to a super administrator, allowing them to execute arbitrary code remotely with root-level access inside the container hosting Windmill.
Such exploitation can lead to full system compromise, including the ability to create and execute malicious scripts, maintain persistence, harvest credentials, deploy reverse shells, and potentially pivot to other integrated systems like Nextcloud for complete server takeover.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-23696 is a critical authenticated SQL injection vulnerability that allows attackers to extract sensitive data such as JWT signing secrets and administrative user identifiers, forge administrative tokens, and execute arbitrary code remotely. This exposure of sensitive authentication credentials and administrative access could lead to unauthorized access to personal and protected data.
Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict protection of personal and sensitive information, secure authentication mechanisms, and prevention of unauthorized data access.
Therefore, exploitation of this vulnerability could result in violations of data protection requirements, leading to legal and regulatory consequences for affected organizations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-23696 involves identifying exploitation attempts of the authenticated SQL injection vulnerability in Windmill's folder ownership management functionality, specifically targeting the "owner" parameter.
Since the vulnerability requires authentication, monitoring authenticated API requests to endpoints handling folder ownership changes can help detect suspicious activity.
Look for unusual or malformed SQL-related payloads in the "owner" parameter in API requests, which may include SQL syntax or injection patterns.
Network or system detection commands could include:
- Using web server or API logs, grep for requests to folder ownership management endpoints containing suspicious SQL keywords or characters in the "owner" parameter, e.g., `grep -iE "owner=.*(union|select|--|;|')" /var/log/windmill/api.log`
- Monitor database query logs for unusual queries involving the owner field or unexpected privilege escalations.
- Check for anomalous JWT tokens or forged administrative tokens in authentication logs, which may indicate exploitation.
Because the vulnerability is authenticated and exploits SQL injection, detection is best performed by correlating API access logs, database logs, and authentication token anomalies.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps for CVE-2026-23696 include:
- Upgrade Windmill to version 1.603.3 or later, where the vulnerability has been patched by enforcing strict input validation on the "owner" parameter and preventing directory traversal.
- If using Nextcloud Flow, upgrade to a version that includes the updated Windmill version with the fix.
- Apply strict input validation and sanitization on any custom integrations or API calls involving folder ownership management.
- Monitor and restrict authenticated user permissions to minimize the risk of privilege escalation.
- Review and tighten access controls on workflow execution endpoints to prevent unauthorized code execution.
These steps help prevent exploitation by blocking injection vectors and limiting attacker capabilities.