PatchSiren cyber security CVE debrief
CVE-2026-23696 Windmill Labs CVE debrief
CVE-2026-23696 is a critical SQL injection vulnerability in Windmill CE and EE versions 1.276.0 through 1.603.2. The vulnerability is located in the folder ownership management functionality and allows authenticated attackers to inject SQL through the owner parameter. This type of vulnerability typically allows attackers to read sensitive data, execute arbitrary code, or elevate privileges. Administrators and users of affected versions should be aware of this vulnerability and take immediate action to mitigate the risk.
- Vendor
- Windmill Labs
- Product
- Windmill CE (Community Edition)
- CVSS
- CRITICAL 9.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-07
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-04-07
- Advisory updated
- 2026-07-14
Who should care
Administrators and users of Windmill CE and EE versions 1.276.0 through 1.603.2 should be aware of this vulnerability and take immediate action to mitigate the risk. This includes applying patches provided by the vendor, restricting access to the folder ownership management functionality, monitoring for suspicious activity, and using a web application firewall to detect and prevent SQL injection attacks. Security teams should prioritize this vulnerability due to its high severity and potential impact on the organization.
Technical summary
The vulnerability allows authenticated attackers to inject SQL through the owner parameter in the folder ownership management functionality. This can be used to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints. The vulnerability has a CVSS score of 9.4 and is considered Critical. Affected product deployments should be identified and patched as soon as possible.
Defensive priority
High
Recommended defensive actions
- Apply the patches provided by the vendor
- Restrict access to the folder ownership management functionality
- Monitor for suspicious activity
- Use a web application firewall to detect and prevent SQL injection attacks
- Regularly update and patch Windmill CE and EE
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-04-07T17:16:27.247Z and was last modified on 2026-07-14T16:16:52.363Z. The NVD entry is currently Awaiting Analysis. The vulnerability affects Windmill CE and EE versions 1.276.0 through 1.603.2. Evidence of exploitation has not been reported. Defenders should verify the presence of affected product deployments in their environments and review the official advisory for specific guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-07T17:16:27.247Z and has not been modified since then.