Impact
Windmill prior to 1.703.2 ships with an incorrect default permission setting in its nsjail sandbox configuration: the /etc directory is bind-mounted read-write, with no write restriction, so an authenticated user executing a script can modify files such as /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt. These changes persist across all subsequent executions on the same worker pod, enabling an attacker to redirect hostnames, intercept DNS queries, perform transparent HTTPS man-in-the-middle attacks, and capture WM_TOKEN JWTs to obtain workspace-admin rights across tenants. The weakness is a classic “incorrect default permissions” flaw (CWE-276) and carries a CVSS base score of 8.6.
Affected Systems
The vulnerability affects any instance of Windmill deployed with a version earlier than 1.703.2, regardless of operating system. No specific patch or version list is given beyond the recommendation to upgrade to 1.703.2 or later.
Risk and Exploitability
An attacker needs an authenticated Windmill account that can submit scripts for execution on a worker pod. From within that sandbox they can write to the bind-mounted /etc hierarchy, so the attack vector is an insider or a compromised user account with script execution privileges. Because the modified files persist within the pod, the effect is global: every script run later on that pod sees the tampered hosts, resolver and CA-bundle files. The CVSS base score of 8.6 reflects this high impact; the EPSS score is 0.00016 (< 0.02%), indicating a very low but non-zero exploitation probability, and the vulnerability is not yet listed in CISA’s KEV catalog. Nonetheless, the high severity and the potential for cross-tenant privilege escalation make it a critical risk for exposed Windmill deployments.
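As an added defender-side example (not Windmill's or OpenCVE's own code), the following check verifies from inside a worker sandbox whether /etc is actually mounted read-only: it parses /proc/self/mountinfo-style lines and flags any mount at or below /etc whose per-mount options are rw. The mountinfo lines embedded below are constructed to resemble a worker before and after the fix.

```python
"""Check whether /etc inside a sandbox is mounted writable.

Illustrative detection helper: parses /proc/self/mountinfo lines and
flags mounts at or below /etc whose per-mount options include ``rw``.
A remediated nsjail profile binds /etc read-only, so such mounts should
show ``ro`` instead.
"""
import os


def parse_mountinfo(text):
    """Yield (mount_point, per_mount_options) for each mountinfo line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # Fields before " - ": id, parent, maj:min, root, mount point, options, ...
        pre, _, _post = line.partition(" - ")
        fields = pre.split()
        if len(fields) < 6:
            continue
        mount_point = fields[4].replace("\\040", " ")  # undo octal space escape
        options = set(fields[5].split(","))
        yield mount_point, options


def writable_etc_mounts(text, root="/etc"):
    """Return mount points at or under ``root`` that are mounted read-write."""
    hits = []
    for mount_point, options in parse_mountinfo(text):
        under = mount_point == root or mount_point.startswith(root + "/")
        if under and "rw" in options and "ro" not in options:
            hits.append(mount_point)
    return hits


def etc_is_writable_here(paths=("/etc/hosts", "/etc/resolv.conf")):
    """Non-destructive probe: can the current process write these files?"""
    return {p: os.access(p, os.W_OK) for p in paths if os.path.exists(p)}


# Constructed sample: /etc bound read-write (the vulnerable default) plus
# an unrelated ro sub-mount and a tmpfs that must not be flagged.
SAMPLE_MOUNTINFO = """\
100 99 0:55 / / rw,relatime - overlay overlay rw
101 100 8:1 /etc /etc rw,relatime - ext4 /dev/sda1 rw
102 100 8:1 /etc/hosts /etc/hosts ro,relatime - ext4 /dev/sda1 rw
103 100 0:56 / /tmp rw,nosuid - tmpfs tmpfs rw
"""
# Same sandbox after /etc is bound read-only.
FIXED_MOUNTINFO = SAMPLE_MOUNTINFO.replace("/etc /etc rw,", "/etc /etc ro,")

if __name__ == "__main__":
    print("vulnerable:", writable_etc_mounts(SAMPLE_MOUNTINFO))  # ['/etc']
    print("fixed:", writable_etc_mounts(FIXED_MOUNTINFO))        # []
```

Run it as a Windmill script on a real worker with `open("/proc/self/mountinfo").read()` in place of the sample to audit that pod; any non-empty result means the sandbox still permits the persistent /etc tampering described above.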
OpenCVE Enrichment