CVE-2026-47107: Incorrect Default Permissions in windmill-labs windmill
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Attackers can exploit persistent poisoned entries across all subsequent script executions on the same worker pod to redirect hostnames, intercept DNS queries, perform transparent HTTPS man-in-the-middle attacks, and intercept WM_TOKEN JWTs to gain workspace-admin access to victim workspaces across tenants.
AI Analysis
Technical Summary
Windmill versions prior to 1.703.2 contain a vulnerability due to incorrect default permissions in nsjail sandbox configuration files. Specifically, the /etc directory is bind-mounted without read-write restrictions, allowing authenticated users executing scripts in the sandbox to write arbitrary entries to sensitive system files like /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt. This can be exploited to persistently poison DNS resolution and SSL certificate validation across script executions on the same worker pod. The impact includes redirecting hostnames, intercepting DNS queries, performing transparent HTTPS man-in-the-middle attacks, and stealing WM_TOKEN JWTs to escalate privileges to workspace-admin across tenants. The vulnerability is rated critical with a CVSS 4.0 score of 9.3. No patch or official remediation level has been published yet.
Potential Impact
The vulnerability allows authenticated users to modify critical system configuration files within the sandbox environment, leading to persistent DNS poisoning and HTTPS man-in-the-middle attacks. Attackers can intercept authentication tokens (WM_TOKEN JWTs) and escalate privileges to workspace-admin level across multiple tenants, compromising confidentiality and integrity of the affected environments. This can result in unauthorized access and control over victim workspaces.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict authenticated user access to vulnerable versions and consider isolating or disabling script execution sandboxes where possible to limit exposure.
CVE-2026-47107: Incorrect Default Permissions in windmill-labs windmill
Description
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes. Attackers can exploit persistent poisoned entries across all subsequent script executions on the same worker pod to redirect hostnames, intercept DNS queries, perform transparent HTTPS man-in-the-middle attacks, and intercept WM_TOKEN JWTs to gain workspace-admin access to victim workspaces across tenants.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Windmill versions prior to 1.703.2 contain a vulnerability due to incorrect default permissions in nsjail sandbox configuration files. Specifically, the /etc directory is bind-mounted without read-write restrictions, allowing authenticated users executing scripts in the sandbox to write arbitrary entries to sensitive system files like /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt. This can be exploited to persistently poison DNS resolution and SSL certificate validation across script executions on the same worker pod. The impact includes redirecting hostnames, intercepting DNS queries, performing transparent HTTPS man-in-the-middle attacks, and stealing WM_TOKEN JWTs to escalate privileges to workspace-admin across tenants. The vulnerability is rated critical with a CVSS 4.0 score of 9.3. No patch or official remediation level has been published yet.
Potential Impact
The vulnerability allows authenticated users to modify critical system configuration files within the sandbox environment, leading to persistent DNS poisoning and HTTPS man-in-the-middle attacks. Attackers can intercept authentication tokens (WM_TOKEN JWTs) and escalate privileges to workspace-admin level across multiple tenants, compromising confidentiality and integrity of the affected environments. This can result in unauthorized access and control over victim workspaces.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict authenticated user access to vulnerable versions and consider isolating or disabling script execution sandboxes where possible to limit exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-05-18T19:22:26.748Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0ca2183cb6383434df161f
Added to database: 5/19/2026, 5:47:04 PM
Last enriched: 5/19/2026, 5:47:46 PM
Last updated: 5/19/2026, 7:02:03 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.