PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23696 Windmill Labs CVE debrief

CVE-2026-23696 is a critical SQL injection vulnerability in Windmill CE and EE versions 1.276.0 through 1.603.2. The vulnerability is located in the folder ownership management functionality and allows authenticated attackers to inject SQL through the owner parameter. This type of vulnerability typically allows attackers to read sensitive data, execute arbitrary code, or elevate privileges. Administrators and users of affected versions should be aware of this vulnerability and take immediate action to mitigate the risk.

Vendor
Windmill Labs
Product
Windmill CE (Community Edition)
CVSS
CRITICAL 9.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-07
Original CVE updated
2026-07-14
Advisory published
2026-04-07
Advisory updated
2026-07-14

Who should care

Administrators and users of Windmill CE and EE versions 1.276.0 through 1.603.2 should be aware of this vulnerability and take immediate action to mitigate the risk. This includes applying patches provided by the vendor, restricting access to the folder ownership management functionality, monitoring for suspicious activity, and using a web application firewall to detect and prevent SQL injection attacks. Security teams should prioritize this vulnerability due to its high severity and potential impact on the organization.

Technical summary

The vulnerability allows authenticated attackers to inject SQL through the owner parameter in the folder ownership management functionality. This can be used to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints. The vulnerability has a CVSS score of 9.4 and is considered Critical. Affected product deployments should be identified and patched as soon as possible.

Defensive priority

High

Recommended defensive actions

  • Apply the patches provided by the vendor
  • Restrict access to the folder ownership management functionality
  • Monitor for suspicious activity
  • Use a web application firewall to detect and prevent SQL injection attacks
  • Regularly update and patch Windmill CE and EE
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-04-07T17:16:27.247Z and was last modified on 2026-07-14T16:16:52.363Z. The NVD entry is currently Awaiting Analysis. The vulnerability affects Windmill CE and EE versions 1.276.0 through 1.603.2. Evidence of exploitation has not been reported. Defenders should verify the presence of affected product deployments in their environments and review the official advisory for specific guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-07T17:16:27.247Z and has not been modified since then.