HIGH
windmill-labs
CVE published 2026-05-19
CVE-2026-47107
CVE-2026-47107 describes an incorrect default-permissions issue in Windmill's nsjail sandbox configuration. In affected versions before 1.703.2, /etc is bind-mounted without read-write restrictions, allowing authenticated users to alter files such as /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Because those changes can persist across later e [truncated]
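An added example, not code from the advisory or from Windmill: a small auditor that parses nsjail protobuf-text `mount` blocks and reports bind mounts at or under /etc that are writable inside the sandbox. The sample configuration is constructed for illustration, and treating `rw: true` as the form the missing restriction takes is an assumption; `src`, `dst`, `is_bind` and `rw` are nsjail mount fields.

```python
import re

# Constructed sample in nsjail's protobuf text format; NOT Windmill's shipped config.
SAMPLE_CONFIG = '''
mount {
    src: "/etc"
    dst: "/etc"
    is_bind: true
    rw: true    # assumption: the writable form of the mount
}
mount { src: "/usr" dst: "/usr" is_bind: true }
mount { src: "/etc/ssl/certs" dst: "/etc/ssl/certs" is_bind: true rw: false }
mount { dst: "/tmp" fstype: "tmpfs" rw: true }
'''

MOUNT_RE = re.compile(r'mount\s*\{([^{}]*)\}')
FIELD_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|\S+)')

def parse_mounts(text):
    """Return one dict of fields per mount { ... } block."""
    text = re.sub(r'#.*', '', text)  # drop comments (paths containing '#' not handled)
    mounts = []
    for body in MOUNT_RE.findall(text):
        mounts.append({k: v.strip('"') for k, v in FIELD_RE.findall(body)})
    return mounts

def writable_etc_binds(text):
    """Flag bind mounts at or under /etc that the sandbox can write to."""
    findings = []
    for m in parse_mounts(text):
        dst = m.get("dst", "").rstrip("/") or "/"
        is_bind = m.get("is_bind", "false") == "true"  # nsjail default: false
        rw = m.get("rw", "false") == "true"            # nsjail default: false
        if is_bind and rw and (dst == "/etc" or dst.startswith("/etc/")):
            findings.append((m.get("src", ""), dst))
    return findings

if __name__ == "__main__":
    for src, dst in writable_etc_binds(SAMPLE_CONFIG):
        print(f"writable bind mount of host {src} at {dst}")
```

Run it against each nsjail configuration a worker loads; an empty result means no bind mount at or under /etc is marked writable.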