Impact
An SQL injection flaw in the folder ownership management of Windmill Community and Enterprise Editions allows an authenticated user to inject arbitrary SQL via the owner parameter. The injection can reveal secrets such as the JWT signing key and admin identifiers, enabling the attacker to forge administrative tokens and execute arbitrary code through workflow execution endpoints, giving full control over the system.
Affected Systems
Windmill CE and EE releases between version 1.276.0 and 1.603.2 contain the vulnerability; the issue is fixed in release 1.603.3. If your environment runs Windmill from the affected range, the flaw applies.
Risk and Exploitability
The CVSS base score of 9.4 classifies the issue as critical. EPSS score of 5% and the vulnerability is not catalogued in CISA's KEV list. Attackers only need legitimate credentials to the Windmill instance to exploit the flaw. Once the SQL injection succeeds, the attacker may read sensitive information, craft a forged token, and invoke workflow endpoints to run arbitrary code, compromising confidentiality, integrity, and availability.
OpenCVE Enrichment