PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47107 windmill-labs CVE debrief

CVE-2026-47107 describes an incorrect default-permissions issue in Windmill's nsjail sandbox configuration. In affected versions before 1.703.2, /etc is bind-mounted without read-write restrictions, allowing authenticated users to alter files such as /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Because those changes can persist across later executions on the same worker pod, the flaw can be used to redirect hostnames, interfere with DNS resolution, enable transparent HTTPS interception, and potentially expose WM_TOKEN JWTs.

Vendor
windmill-labs
Product
windmill
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-19
Original CVE updated
2026-05-20
Advisory published
2026-05-19
Advisory updated
2026-05-20

Who should care

Windmill administrators and operators, especially in multi-tenant deployments that run script execution sandboxes on shared worker pods. Security teams responsible for token handling, identity boundaries, DNS trust, and pod-level isolation should also treat this as a high-priority issue.

Technical summary

The issue is a sandbox hardening failure: nsjail configuration files allow /etc to be bind-mounted in a way that does not enforce read-only protection. Authenticated users executing scripts inside the sandbox can write arbitrary entries into system configuration files that affect name resolution and TLS trust. The risk is amplified by persistence on the same worker pod, which can carry poisoned settings into subsequent executions. The supplied description also states that this may be leveraged to redirect traffic, intercept DNS queries, perform HTTPS man-in-the-middle attacks, and capture WM_TOKEN JWTs that could be used to access other workspaces with workspace-admin privileges.

Defensive priority

High. The supplied CVSS score is 8.6 (HIGH), and the flaw can affect confidentiality, integrity, and cross-workspace trust in shared execution environments.

Recommended defensive actions

  • Upgrade Windmill to version 1.703.2 or later.
  • Review nsjail sandbox configuration to ensure /etc is not writable from script execution environments.
  • Verify worker pod filesystem and mount permissions to prevent persistent tampering across executions.
  • Check affected worker pods for unexpected changes to /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt.
  • Investigate DNS, hostname resolution, and TLS trust anomalies that could indicate poisoning or interception.
  • If exposure is suspected, rotate or invalidate WM_TOKENs and review workspace-admin activity for abuse.
  • Reassess isolation controls for shared worker pods used to run user-authenticated scripts.

Evidence notes

The record is based on the supplied NVD entry for CVE-2026-47107, which lists VulnCheck references to a Windmill commit, pull request #9194, and the v1.703.2 release tag. The NVD metadata in the provided corpus marks the CVE status as Deferred and assigns CWE-276 (Incorrect Default Permissions). No KEV entry was supplied.

Official resources

Disclosed in the supplied VulnCheck/NVD material and published as CVE-2026-47107 on 2026-05-19. The provided corpus ties the fix to Windmill v1.703.2 and related upstream commit/PR references.