Vulnerabilidades em windmill-labs
4 resultadosCVE-2026-29059MEDIUMWindmill: SUPERADMIN_SECRET (rarely used) can be accessed publiclyEPSS 2.6%CVE-2026-33881HIGHWindmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executorEPSS 0.4%CVE-2026-26964LOWWindmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace MembersEPSS 0.3%CVE-2026-47107HIGHWindmill < 1.703.2 Incorrect Default Permissions in nsjail ConfigurationEPSS 0.2%