CVE-2026-47107
Windmill nsjail Sandbox /etc Hosts Poisoning Vulnerability
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| windmill | windmill | to 1.703.2 (exc) |
| windmill-labs | windmill | to 1.703.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-47107 is a critical security vulnerability in Windmill versions prior to 1.703.2 caused by incorrect default permissions in nsjail sandbox configuration files.
The vulnerability arises because the /etc directory is bind-mounted without read-write restrictions, allowing authenticated users within script execution sandboxes to write arbitrary entries to critical system files such as /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt.
Attackers can exploit this to persistently poison DNS entries across all subsequent script executions on the same worker pod, enabling hostname redirection, interception of DNS queries, transparent HTTPS man-in-the-middle attacks, and theft of WM_TOKEN JWTs.
Successful exploitation grants attackers workspace-admin access to victim workspaces across tenants.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access and control over multiple workspaces across tenants.
- Attackers can redirect hostnames and intercept DNS queries, compromising network communications.
- They can perform transparent HTTPS man-in-the-middle attacks by poisoning SSL certificate files.
- Attackers can steal WM_TOKEN JWTs, which can be used to gain workspace-admin privileges.
- The persistence of poisoned entries affects all subsequent script executions on the same worker pod, increasing the attack surface.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves writable /etc directory files within nsjail sandboxes, specifically /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt. Detection can focus on verifying if these files are writable inside the sandbox environment.
To detect the vulnerability, you can check the mount permissions of these files inside the sandbox or container environment to see if they are writable.
- Run inside the sandbox or container: ls -l /etc/hosts /etc/resolv.conf /etc/ssl/certs/ca-certificates.crt to check file permissions.
- Attempt to write to these files, for example: echo 'test' >> /etc/hosts. If the write succeeds, the vulnerability is present.
- Check mount points and options with: mount | grep '/etc' to verify if /etc or its submounts are mounted read-only or read-write.
Because the issue arises from non-recursive read-only remounts and writable Kubernetes-injected submounts, verifying mount propagation and bind-mount options is critical.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Windmill to version 1.703.2 or later, which includes a fix that explicitly binds /etc/hosts, /etc/resolv.conf, and /etc/hostname as read-only within the nsjail sandbox configuration.
This fix prevents authenticated users from modifying critical files inside the sandbox, thereby blocking cross-tenant DNS poisoning and related attacks.
- Update Windmill to version 1.703.2 or later.
- Ensure nsjail configuration files explicitly bind /etc/hosts, /etc/resolv.conf, and /etc/hostname as read-only.
- Verify that the sandbox environment does not allow writable mounts of these critical files.
Note that other isolation modes (none and unshare) remain vulnerable and require separate mitigation strategies.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authenticated users to write arbitrary entries to critical system files within script execution sandboxes, enabling persistent DNS poisoning, man-in-the-middle attacks, and interception of authentication tokens. This can lead to unauthorized access to workspace-admin privileges across tenants.
Such unauthorized access and interception of sensitive tokens could result in breaches of confidentiality and integrity of data, which are core concerns of compliance standards like GDPR and HIPAA.
Therefore, exploitation of this vulnerability could lead to non-compliance with these regulations due to potential unauthorized data access, data interception, and failure to maintain adequate security controls.