CVE-2026-23696 — Windmill CE and EE versions 1.276.0 through 1.603.2...
CVE-2026-23696 漏洞深度分析
漏洞概述
CVE 编号: CVE-2026-23696
CVSS 评分: 9.4(CRITICAL)
CVSS 向量: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE 分类: CWE-89
漏洞状态: Awaiting Analysis
发布时间: 2026-04-07T17:16:27.247
最后更新: 2026-07-14T16:16:52.363
漏洞描述
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signing secret and administrative user identifiers, forge an administrative token, and then execute arbitrary code via the workflow execution endpoints.
影响分析
此漏洞的具体影响取决于实际利用场景。"
修复建议
- 及时关注厂商发布的安全更新和补丁
- 升级受影响组件到最新版本
- 如无法立即升级,参考厂商提供的临时缓解措施
- 加强网络访问控制和监控
参考链接
- https://apps.nextcloud.com/apps/flow/releases
- https://chocapikk.com/posts/2026/windfall-nextcloud-flow-windmill-rce/
- https://github.com/Chocapikk/Windfall
- https://github.com/windmill-labs/windmill/commit/942fb629210ebb287f48467d1535ffde3a3eeafe
- https://github.com/windmill-labs/windmill/releases/tag/v1.603.3