Windmill could allow internal attacker to gain administrative access to workspaces

CVE advisory

Severity: HIGH (CVSS 8.6)

CVE-2026-47107

An internal attacker can exploit a configuration flaw in Windmill to modify system files during script execution. This enables them to intercept user credentials and gain unauthorized administrative access to workspaces, potentially compromising sensitive tenant data.

1 Halo Surface Signal

External exposure likelihood

Halo Surface Signal score for CVE-2026-47107

The vulnerability is an internal sandbox misconfiguration requiring authenticated platform access and script execution capabilities. It is not an internet-facing service or entry point, remaining isolated within the internal infrastructure and requiring prior authorization to trigger.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Windmill allows authenticated users to modify critical system files within their sandboxed script executions. This can lead to significant compromise by redirecting network traffic, intercepting sensitive information, and enabling unauthorized access to other users' workspaces.

  • Authenticated users can abuse sandbox permissions.
  • Enables man-in-the-middle and token theft.
  • Leads to workspace takeover.

Attack Path

How an attacker could exploit the issue

An authenticated user with script execution privileges can abuse this vulnerability to tamper with system files inside a sandbox. This allows them to redirect network traffic, intercept sensitive data like JWTs, and impersonate other users to gain administrative access.

  • Requires authenticated user access.
  • Exploitable via script execution.
  • Allows man-in-the-middle attacks.

Live Threat

Current exploitation, exposure, and threat context

Attackers may find this vulnerability appealing due to its potential for persistent credential theft and lateral movement within a compromised environment, despite requiring authenticated access. The ability to intercept JWTs and manipulate host configurations provides a strong incentive for exploitation, assuming initial access is gained.

  • Requires authenticated access first.
  • Exploits sandbox misconfiguration.
  • Allows credential theft and redirection.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Teams should prioritize investigating logs for signs of unauthorized modifications to host configuration files within the Windmill nsjail sandbox environment. Authenticated users with script execution privileges can exploit this to compromise sensitive data or redirect traffic, so focus on detecting any suspicious changes to `/etc/hosts`, `/etc/resolv.conf`, or certificate stores.

  • Monitor for unauthorized /etc/hosts modifications.
  • Review script execution logs for anomalies.
  • Isolate affected worker pods if suspicious activity is confirmed.
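One way to run the file checks above on a worker, shown as an added example that is not Windmill's or the advisory's own code: it compares the current `/etc/hosts`, `/etc/resolv.conf` and CA bundle contents against a known-good baseline and reports each drift. The baseline and tampered snapshots, hostnames and IPs are constructed sample data, and the function names are assumptions.

```python
import hashlib

HOSTS, RESOLV = "/etc/hosts", "/etc/resolv.conf"
CA = "/etc/ssl/certs/ca-certificates.crt"

# Constructed sample data (placeholder names, documentation-range IPs).
BASELINE = {
    HOSTS: "127.0.0.1 localhost\n10.0.0.5 db.internal.example\n",
    RESOLV: "nameserver 10.0.0.2\nsearch svc.cluster.local\n",
    CA: "constructed-ca-bundle\n",
}
TAMPERED = {
    HOSTS: "127.0.0.1 localhost\n203.0.113.10 windmill.internal.example\n"
           "10.0.0.5 db.internal.example\n",
    RESOLV: "nameserver 203.0.113.53\nnameserver 10.0.0.2\n",
    CA: "constructed-ca-bundle\nextra-constructed-root\n",
}

def _fields(text):
    """Yield whitespace-split fields per line with '#' comments removed."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def parse_hosts(text):
    """Map hostname -> IP; the first entry for a name wins in this parser."""
    mapping = {}
    for ip, *names in _fields(text):
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping

def parse_nameservers(text):
    """Return the nameserver addresses in file order."""
    return [f[1] for f in _fields(text) if f[0] == "nameserver" and len(f) > 1]

def audit_etc(baseline, current):
    """Return (kind, subject, value) findings for drift from the baseline."""
    findings = []
    known = parse_hosts(baseline[HOSTS])
    for name, ip in sorted(parse_hosts(current[HOSTS]).items()):
        if known.get(name) != ip:
            kind = "hosts-changed" if name in known else "hosts-added"
            findings.append((kind, name, ip))
    trusted = parse_nameservers(baseline[RESOLV])
    for ns in parse_nameservers(current[RESOLV]):
        if ns not in trusted:
            findings.append(("nameserver-added", ns, ""))
    if baseline[CA] != current[CA]:
        digest = hashlib.sha256(current[CA].encode()).hexdigest()
        findings.append(("ca-bundle-changed", CA, digest))
    return findings
```

In practice the baseline would be captured from a freshly deployed worker image and the current snapshot read from each running worker pod.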

Frequently asked questions

What is the software affected by CVE-2026-47107?

Windmill versions prior to 1.703.2 are affected by this vulnerability. The issue lies within the nsjail sandbox configuration files.

How does the incorrect default permissions vulnerability in Windmill work?

The vulnerability stems from the nsjail sandbox configuration incorrectly bind-mounting the /etc directory without read-write restrictions. This allows authenticated users, from within script execution sandboxes, to write arbitrary entries to critical files like /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt.

What can an attacker achieve by exploiting this vulnerability?

Poisoned entries persist across subsequent script executions, so an attacker can use them to redirect hostnames, intercept DNS queries, and perform man-in-the-middle attacks. They can also intercept WM_TOKEN JWTs to gain workspace-admin access to other users' workspaces.

What is the relevance of this vulnerability given its internal exploitation path?

While exploitation requires authenticated access and script execution within a sandbox, the potential for persistent credential theft and lateral movement makes it appealing. Intercepting JWTs and manipulating host configurations offers a strong incentive for attackers who have already gained initial access.

What actions should teams take to address this vulnerability?

Teams should investigate logs for unauthorized modifications to host configuration files within the Windmill nsjail sandbox. Monitoring for suspicious changes to /etc/hosts, /etc/resolv.conf, or certificate stores is crucial. If confirmed, isolating affected worker pods is recommended.
