CVE-2026-47107: Windmill Sandbox Vulnerability Exposes Admin Access

The National Vulnerability Database has disclosed CVE-2026-47107, a critical vulnerability in Windmill versions prior to 1.703.2. This flaw stems from incorrect default permissions within the nsjail sandbox configuration, specifically where /etc is bind-mounted without proper read-write restrictions. This allows authenticated users to write arbitrary entries to critical system files like /etc/hosts, /etc/resolv.conf, and /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes.

Attackers can exploit this to plant persistent, poisoned entries that affect all subsequent script executions on the same worker pod. This enables a range of sophisticated attacks: redirecting hostnames, intercepting DNS queries, and performing transparent HTTPS man-in-the-middle attacks. Critically, this can also be leveraged to intercept WM_TOKEN JWTs, granting workspace-admin access to victim workspaces across tenants. The National Vulnerability Database assigns this a CVSS score of 9.6 (CRITICAL), underscoring the severe impact.

This isn’t just a sandbox escape; it’s a direct path to full tenant compromise. The ability to manipulate core system configurations in a persistent manner within a shared environment is a red flag. Defenders need to recognize that this isn’t about privilege escalation on a single user’s session, but rather a persistent poisoning mechanism that affects the integrity and confidentiality of an entire worker pod’s operations and potentially all tenants relying on it.

What This Means For You

  • If your organization uses Windmill, you must immediately patch to version 1.703.2 or later to mitigate CVE-2026-47107. Prioritize auditing your Windmill environments for any signs of `/etc` file modification from within sandboxed script executions. Assume compromise if unpatched systems were exposed to untrusted authenticated users and revoke any potentially intercepted `WM_TOKEN` JWTs.
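As an added example (not code from the advisory or from Windmill), here is a defender-side audit of the three files named above as they sit on a worker pod: it flags /etc/hosts entries that pin a protected hostname, resolv.conf nameservers outside a cluster allowlist, and a CA bundle whose hash no longer matches the clean image. The hostnames, addresses and certificate bodies are constructed sample data.

```python
# Added example, not from the advisory or from Windmill: a worker-side audit for the
# three /etc files CVE-2026-47107 lets a sandboxed script poison. Hostnames, addresses
# and certificate bodies below are constructed sample data.
import hashlib

def audit_hosts(hosts_text, protected_names):
    """Flag /etc/hosts entries that pin a protected hostname to any address.
    Such names must resolve via DNS only, so a static entry means poisoning."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        hits = [n for n in fields[1:] if n.lower() in protected_names]
        if hits:
            findings.append((lineno, fields[0], hits))
    return findings

def audit_resolv(resolv_text, allowed_nameservers):
    """Return resolver addresses in /etc/resolv.conf outside the cluster allowlist."""
    return [f[1] for f in (l.split("#", 1)[0].split() for l in resolv_text.splitlines())
            if len(f) >= 2 and f[0] == "nameserver" and f[1] not in allowed_nameservers]

def audit_ca_bundle(bundle, baseline_sha256):
    """Compare ca-certificates.crt with the hash recorded from a clean worker image.
    Returns (tampered, number_of_pem_certificates) so an injected CA is visible."""
    count = bundle.count(b"-----BEGIN CERTIFICATE-----")
    return hashlib.sha256(bundle).hexdigest() != baseline_sha256, count

# Constructed sample data standing in for a poisoned worker pod.
HOSTS = "127.0.0.1 localhost\n# poisoned: API name pinned to an attacker-controlled box\n10.0.0.99 windmill-api.internal\n"
RESOLV = "search default.svc.cluster.local\nnameserver 10.96.0.10\nnameserver 203.0.113.7  # rogue\n"
CLEAN_BUNDLE = b"-----BEGIN CERTIFICATE-----\nMIIB...clean...\n-----END CERTIFICATE-----\n"
BASELINE_SHA256 = hashlib.sha256(CLEAN_BUNDLE).hexdigest()  # would be recorded at image build time
POISONED_BUNDLE = CLEAN_BUNDLE + b"-----BEGIN CERTIFICATE-----\nMIIB...rogue...\n-----END CERTIFICATE-----\n"

def audit_worker(hosts_text, resolv_text, bundle):
    """Run all three checks; a non-empty dict means the pod should be drained and rebuilt."""
    report = {}
    if h := audit_hosts(hosts_text, {"windmill-api.internal"}):
        report["hosts"] = h
    if r := audit_resolv(resolv_text, {"10.96.0.10"}):
        report["resolv"] = r
    tampered, n = audit_ca_bundle(bundle, BASELINE_SHA256)
    if tampered:
        report["ca_bundle"] = n
    return report

if __name__ == "__main__":
    print(audit_worker(HOSTS, RESOLV, POISONED_BUNDLE))
```

On a real worker, read the three files from disk and take the baseline hash from the image build rather than computing it on the possibly-tampered host.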

Detection Rules

Four detection rules were auto-generated for this advisory and mapped to MITRE ATT&CK; the Sigma rule for one of them is shown below.

Severity: critical · ATT&CK: T1574.002 (Persistence)

CVE-2026-47107: Windmill nsjail Sandbox Write to /etc/hosts

Sigma YAML:
# Title contains ': ', so it must be quoted to be valid YAML.
title: 'CVE-2026-47107: Windmill nsjail Sandbox Write to /etc/hosts'
id: scw-2026-05-19-ai-1
status: experimental
level: critical
description: |
  Detects attempts to write to /etc/hosts within the Windmill nsjail sandbox, indicating exploitation of CVE-2026-47107. This allows attackers to poison hostname resolution and redirect traffic.
author: SCW Feed Engine (AI-generated)
date: 2026-05-19
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-47107/
tags:
  - attack.persistence
  - attack.t1574.002
logsource:
  category: file_event
  product: linux
detection:
  selection:
    TargetFilename|endswith:
      - '/etc/hosts'
  # condition belongs at the detection level, not inside the selection
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

ID              Type                    Indicator
CVE-2026-47107  Misconfiguration        Windmill software versions prior to 1.703.2
CVE-2026-47107  Privilege Escalation    Incorrect default permissions in nsjail sandbox configuration files
CVE-2026-47107  Information Disclosure  Bind-mounting /etc without read-write restrictions in nsjail sandbox
CVE-2026-47107  Auth Bypass             Arbitrary write to /etc/hosts, /etc/resolv.conf, /etc/ssl/certs/ca-certificates.crt from within script execution sandboxes
CVE-2026-47107  Man-in-the-Middle       Interception of WM_TOKEN JWTs to gain workspace-admin access

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 19, 2026 at 21:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
