CVE-2026-23696 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection in Windmill's folder ownership logic. 💥 **Consequences**: Attackers can read sensitive data, forge admin tokens, and execute arbitrary code.…

🛡️ **CWE-89**: Improper Neutralization of Special Elements used in an SQL Command. 🐛 **Flaw**: The `owner` parameter in the folder ownership management feature is not sanitized, allowing malicious SQL payloads.

📦 **Product**: Windmill CE (Community Edition) by Windmill Labs. 📅 **Affected Versions**: 1.276.0 through 1.603.2. If you are outside this range, you are safe.

🕵️ **Privileges**: Can forge management tokens to impersonate admins. 📂 **Data**: Full access to read sensitive database contents. 💻 **Impact**: Remote Code Execution (RCE) is possible via token forgery.

🔑 **Auth Required**: Yes. PR:L (Privileges Required: Low). 🚫 **UI**: No User Interaction needed. ⚠️ **Network**: Attackable over Network (AV:N). You need a low-level account to exploit this.

🔥 **Public Exploit**: YES. 📂 **Source**: GitHub repo `Chocapikk/Windfall`. 📝 **Details**: Technical description available at `chocapikk.com`. Wild exploitation is highly likely given the PoC is public.

🔍 **Check**: Scan for Windmill instances running versions 1.276.0-1.603.2. 📂 **Feature**: Look for folder ownership API endpoints. 🧪 **Test**: Inject SQL payloads into the `owner` parameter.…

✅ **Fixed**: YES. 📦 **Patch**: Version **1.603.3** is the safe release. 🔄 **Action**: Upgrade immediately to v1.603.3 or later. Check the official GitHub release notes for confirmation.

🚧 **No Patch?**: Restrict network access to the Windmill instance. 🛑 **Mitigation**: Disable folder ownership modification features if possible.…

🚨 **Urgency**: CRITICAL. 🔴 **Priority**: P1. With public exploits and RCE potential, patch immediately. Do not wait. CVSS Score indicates High impact on Confidentiality, Integrity, and Availability.