RCE in Windmill-labs Windmill

CVE-2026-33881

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeT…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (23.1th percentile)

Affected products

Weakness classification (CWE)

References