| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23696 | Windmill < 1.603.3 File Ownership Handling SQLi RCE | Windmill Labs | Windmill CE (Community Edition) | Critical | 9.9 | 2026-04-07 16:50:53 | Deep Dive |
| CVE-2026-22683 | Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE | Windmill Labs | Windmill CE (Community Edition) | High | 8.8 | 2026-04-07 16:50:30 | Deep Dive |
| CVE-2026-33881 | Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor | windmill-labs | windmill | 中危 | - | 2026-03-27 20:34:33 | Deep Dive |
| CVE-2026-29059 | Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly | windmill-labs | windmill | 中危 | - | 2026-03-06 07:11:29 | Deep Dive |
| CVE-2026-26964 | Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members | windmill-labs | windmill | Low | 2.7 | 2026-02-19 23:57:30 | Deep Dive |
| CVE-2024-8462 | Windmill HTTP Request users.rs excessive authentication | - | Windmill | Low | 3.7 | 2024-09-05 13:00:06 | Deep Dive |