All 4 CVE vulnerabilities found in windmill, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33881 | Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor | CWE-94 | 4.8 | - | 2026-03-27 |
| CVE-2026-29059 | Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly | CWE-22 | 7.5 | - | 2026-03-06 |
| CVE-2026-26964 | Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members | CWE-200 | 2.7 | Low | 2026-02-19 |
| CVE-2024-8462 | Windmill HTTP Request users.rs excessive authentication | CWE-307 | 3.7 | Low | 2024-09-05 |