CVE-2026-29059
- Source
- https://cve.org/CVERecord?id=CVE-2026-29059
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29059.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-29059
- Aliases
-
- GHSA-24fr-44f8-fqwg
- Published
- 2026-03-06T07:11:28.527Z
- Modified
- 2026-04-02T13:18:23.136348Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly
- Details
-
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "(/api/w/{workspace}/jobsu/getlog_file/{filename})". The filename parameter is concatenated into a file path without sanitization, allowing an attacker to read arbitrary files on the server using ../ sequences. This issue has been patched in version 1.603.3.
- Database specific
{ "cwe_ids": [ "CWE-22" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29059.json" }- References
Affected packages
Git / github.com/windmill-labs/windmill
Affected ranges
- Type
- GIT
- Repo
- https://github.com/windmill-labs/windmill
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.422.3
1.462.2
1.462.3
1.462.4
1.463.4
1.463.5
v1.*
v1.10.0
v1.10.1
v1.100.0
v1.100.1
v1.100.2
v1.101.0
v1.101.1
v1.102.0
v1.102.1
v1.103.0
v1.104.0
v1.104.1
v1.104.2
v1.105.0
v1.106.0
v1.106.1
v1.107.0
v1.108.0
v1.108.1
v1.108.2
v1.109.0
v1.109.1
v1.11.0
v1.110.0
v1.111.0
v1.111.1
v1.111.2
v1.111.3
v1.112.0
v1.113.0
v1.113.1
v1.113.2
v1.114.0
v1.114.1
v1.114.2
v1.115.0
v1.116.0
v1.117.0
v1.118.0
v1.119.0
v1.12.0
v1.120.0
v1.121.0
v1.122.0
v1.123.0
v1.123.1
v1.124.0
v1.125.0
v1.125.1
v1.126.0
v1.127.0
v1.127.1
v1.128.0
v1.129.0
v1.129.1
v1.13.0
v1.130.0
v1.131.0
v1.132.0
v1.133.0
v1.134.0
v1.134.1
v1.134.2
v1.135.0
v1.135.1
v1.136.0
v1.137.0
v1.137.1
v1.138.0
v1.138.1
v1.139.0
v1.14.0
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.140.0
v1.140.1
v1.141.0
v1.142.0
v1.143.0
v1.144.0
v1.144.1
v1.144.2
v1.144.3
v1.144.4
v1.145.0
v1.145.1
v1.145.2
v1.145.3
v1.146.0
v1.146.1
v1.147.0
v1.147.1
v1.147.2
v1.147.3
v1.148.0
v1.149.0
v1.15.0
v1.15.1
v1.150.0
v1.151.0
v1.151.1
v1.151.2
v1.152.0
v1.153.0
v1.154.0
v1.154.1
v1.154.2
v1.155.0
v1.156.0
v1.156.1
v1.157.0
v1.158.0
v1.158.1
v1.158.2
v1.159.0
v1.16.0
v1.16.1
v1.160.0
v1.161.0
v1.162.0
v1.162.1
v1.162.2
v1.163.0
v1.163.1
v1.164.0
v1.165.0
v1.166.0
v1.166.1
v1.167.0
v1.168.0
v1.168.1
v1.168.2
v1.168.3
v1.169.0
v1.17.0
v1.17.1
v1.170.0
v1.171.0
v1.172.0
v1.172.1
v1.173.0
v1.174.0
v1.175.0
v1.176.0
v1.177.0
v1.177.1
v1.178.0
v1.178.1
v1.179.0
v1.179.1
v1.18.0
v1.180.0
v1.181.0
v1.182.0
v1.182.1
v1.182.2
v1.182.3
v1.183.0
v1.184.0
v1.185.0
v1.186.0
v1.187.0
v1.188.0
v1.188.1
v1.189.0
v1.19.0
v1.19.1
v1.19.2
v1.19.3
v1.190.0
v1.190.1
v1.190.2
v1.190.3
v1.191.0
v1.192.0
v1.193.0
v1.194.0
v1.195.0
v1.196.0
v1.197.0
v1.197.1
v1.198.0
v1.199.0
v1.20.0
v1.200.0
v1.201.0
v1.202.0
v1.202.1
v1.203.0
v1.204.0
v1.204.1
v1.205.0
v1.206.0
v1.207.0
v1.208.0
v1.209.0
v1.21.0
v1.21.1
v1.210.0
v1.210.1
v1.211.0
v1.212.0
v1.213.0
v1.214.0
v1.214.1
v1.215.0
v1.216.0
v1.217.0
v1.218.0
v1.219.0
v1.219.1
v1.22.0
v1.220.0
v1.221.0
v1.222.0
v1.223.0
v1.223.1
v1.224.0
v1.224.1
v1.225.0
v1.225.1
v1.226.0
v1.226.1
v1.227.0
v1.227.1
v1.228.0
v1.228.1
v1.229.0
v1.23.0
v1.230.0
v1.231.0
v1.232.0
v1.233.0
v1.234.0
v1.234.1
v1.235.0
v1.235.1
v1.236.0
v1.236.1
v1.236.2
v1.237.0
v1.238.0
v1.239.0
v1.24.0
v1.24.1
v1.24.2
v1.240.0
v1.241.0
v1.242.0
v1.243.0
v1.244.0
v1.244.1
v1.244.2
v1.244.4
v1.245.0
v1.245.1
v1.246.0
v1.246.1
v1.246.10
v1.246.11
v1.246.12
v1.246.13
v1.246.14
v1.246.15
v1.246.2
v1.246.3
v1.246.4
v1.246.5
v1.246.6
v1.246.7
v1.246.8
v1.246.9
v1.247.0
v1.248.0
v1.249.0
v1.25.0
v1.250.0
v1.251.0
v1.251.1
v1.252.0
v1.253.0
v1.253.1
v1.253.2
v1.253.3
v1.253.4
v1.253.5
v1.253.6
v1.253.7
v1.253.8
v1.254.0
v1.254.1
v1.255.0
v1.256.0
v1.257.0
v1.258.0
v1.258.1
v1.258.2
v1.258.3
v1.258.4
v1.259.0
v1.259.1
v1.259.2
v1.26.0
v1.26.1
v1.26.2
v1.26.3
v1.260.0
v1.260.1
v1.261.0
v1.262.0
v1.262.1
v1.263.0
v1.263.1
v1.264.0
v1.265.0
v1.265.1
v1.265.2
v1.265.3
v1.266.0
v1.266.1
v1.267.0
v1.268.0
v1.269.0
v1.27.0
v1.27.1
v1.27.2
v1.270.0
v1.270.1
v1.270.2
v1.270.3
v1.271.0
v1.272.0
v1.273.0
v1.274.0
v1.274.1
v1.275.0
v1.275.1
v1.275.2
v1.275.3
v1.275.4
v1.275.5
v1.275.6
v1.276.0
v1.276.1
v1.277.0
v1.277.1
v1.278.0
v1.278.1
v1.278.2
v1.278.3
v1.278.4
v1.278.5
v1.279.0
v1.28.0
v1.28.1
v1.280.0
v1.281.0
v1.281.1
v1.281.2
v1.281.3
v1.282.0
v1.282.1
v1.282.2
v1.283.0
v1.284.0
v1.284.1
v1.285.0
v1.285.1
v1.285.2
v1.285.3
v1.285.4
v1.286.0
v1.286.1
v1.286.2
v1.287.0
v1.287.1
v1.288.0
v1.289.0
v1.29.0
v1.290.0
v1.290.1
v1.291.0
v1.291.1
v1.291.2
v1.291.3
v1.291.4
v1.292.0
v1.292.1
v1.292.2
v1.292.3
v1.292.4
v1.293.0
v1.293.1
v1.294.0
v1.295.0
v1.295.1
v1.295.2
v1.295.3
v1.295.4
v1.296.0
v1.296.1
v1.297.0
v1.297.1
v1.298.0
v1.299.0
v1.299.1
v1.30.0
v1.300.0
v1.301.0
v1.302.0
v1.303.0
v1.303.1
v1.303.2
v1.303.3
v1.303.4
v1.304.0
v1.304.1
v1.304.2
v1.304.3
v1.304.4
v1.305.0
v1.305.1
v1.305.2
v1.305.3
v1.306.0
v1.306.1
v1.306.2
v1.306.3
v1.306.4
v1.307.0
v1.308.0
v1.308.1
v1.308.2
v1.309.0
v1.309.1
v1.309.2
v1.31.0
v1.310.0
v1.311.0
v1.312.0
v1.313.0
v1.314.0
v1.315.0
v1.315.1
v1.316.0
v1.316.2
v1.317.0
v1.317.1
v1.318.0
v1.319.0
v1.319.1
v1.32.0
v1.320.0
v1.320.1
v1.320.2
v1.320.3
v1.321.0
v1.321.1
v1.321.2
v1.321.3
v1.321.4
v1.321.5
v1.321.6
v1.322.0
v1.323.0
v1.323.1
v1.323.2
v1.323.3
v1.323.4
v1.323.5
v1.323.6
v1.324.0
v1.324.1
v1.324.2
v1.325.0
v1.325.1
v1.325.2
v1.326.0
v1.326.1
v1.327.0
v1.328.0
v1.329.0
v1.33.0
v1.330.0
v1.330.1
v1.331.0
v1.331.1
v1.331.2
v1.332.0
v1.332.1
v1.333.0
v1.333.1
v1.333.2
v1.333.3
v1.333.4
v1.333.5
v1.334.0
v1.335.0
v1.336.0
v1.336.1
v1.337.0
v1.338.0
v1.338.1
v1.338.2
v1.338.3
v1.339.0
v1.339.1
v1.339.2
v1.34.0
v1.340.0
v1.340.1
v1.340.2
v1.341.0
v1.341.1
v1.342.0
v1.343.0
v1.343.1
v1.343.2
v1.343.3
v1.344.0
v1.344.1
v1.344.2
v1.344.3
v1.345.0
v1.345.1
v1.345.2
v1.346.0
v1.346.1
v1.346.2
v1.347.0
v1.347.1
v1.348.0
v1.348.1
v1.348.2
v1.349.0
v1.349.1
v1.35.0
v1.350.0
v1.350.1
v1.350.2
v1.350.3
v1.351.0
v1.352.0
v1.353.0
v1.354.0
v1.355.0
v1.355.1
v1.355.2
v1.355.3
v1.355.4
v1.356.0
v1.356.1
v1.357.0
v1.358.0
v1.358.1
v1.359.0
v1.36.0
v1.360.0
v1.360.1
v1.361.0
v1.361.1
v1.362.0
v1.363.0
v1.364.0
v1.364.1
v1.364.2
v1.364.3
v1.365.0
v1.366.0
v1.366.1
v1.366.2
v1.366.3
v1.366.4
v1.366.5
v1.366.6
v1.367.0
v1.367.1
v1.367.2
v1.368.0
v1.368.1
v1.368.2
v1.368.3
v1.369.0
v1.369.1
v1.37.0
v1.370.0
v1.371.0
v1.371.1
v1.371.2
v1.371.3
v1.371.4
v1.372.0
v1.373.0
v1.373.1
v1.374.0
v1.375.0
v1.376.0
v1.376.1
v1.377.0
v1.377.1
v1.378.0
v1.379.0
v1.379.1
v1.379.2
v1.379.3
v1.379.4
v1.38.0
v1.38.1
v1.38.2
v1.38.3
v1.38.4
v1.38.5
v1.380.0
v1.380.1
v1.381.0
v1.382.0
v1.382.1
v1.382.2
v1.383.0
v1.383.1
v1.384.0
v1.385.0
v1.386.0
v1.387.0
v1.387.1
v1.388.0
v1.389.0
v1.389.1
v1.39.0
v1.390.0
v1.390.1
v1.391.0
v1.392.0
v1.393.0
v1.393.1
v1.393.2
v1.393.3
v1.393.4
v1.394.0
v1.394.1
v1.394.2
v1.394.3
v1.394.4
v1.394.5
v1.394.6
v1.395.0
v1.396.0
v1.396.1
v1.397.0
v1.397.1
v1.397.2
v1.397.3
v1.397.4
v1.398.0
v1.398.1
v1.399.0
v1.40.0
v1.40.1
v1.400.0
v1.401.0
v1.402.0
v1.402.1
v1.402.2
v1.402.3
v1.403.0
v1.403.1
v1.404.0
v1.404.1
v1.405.0
v1.405.1
v1.405.2
v1.405.3
v1.405.4
v1.405.5
v1.406.0
v1.407.0
v1.407.1
v1.407.2
v1.408.0
v1.408.1
v1.409.0
v1.409.1
v1.409.2
v1.409.3
v1.409.4
v1.41.0
v1.410.0
v1.410.1
v1.410.2
v1.410.3
v1.411.0
v1.411.1
v1.412.0
v1.413.0
v1.413.1
v1.413.2
v1.414.0
v1.414.1
v1.414.2
v1.415.0
v1.415.1
v1.415.2
v1.416.0
v1.416.1
v1.416.2
v1.417.0
v1.417.1
v1.417.2
v1.417.3
v1.418.0
v1.419.0
v1.42.0
v1.42.1
v1.420.0
v1.420.1
v1.421.0
v1.421.1
v1.421.2
v1.422.0
v1.422.1
v1.423.0
v1.423.1
v1.423.2
v1.424.0
v1.425.0
v1.425.1
v1.426.0
v1.426.1
v1.427.0
v1.428.0
v1.428.1
v1.429.0
v1.43.0
v1.43.1
v1.43.2
v1.430.0
v1.430.1
v1.430.2
v1.431.0
v1.431.1
v1.432.0
v1.433.0
v1.434.0
v1.434.1
v1.434.2
v1.435.0
v1.435.1
v1.435.2
v1.436.0
v1.437.0
v1.437.1
v1.438.0
v1.439.0
v1.44.0
v1.440.0
v1.440.1
v1.440.2
v1.440.3
v1.441.0
v1.441.1
v1.441.2
v1.442.0
v1.443.0
v1.444.0
v1.445.0
v1.445.1
v1.446.0
v1.447.0
v1.447.1
v1.447.2
v1.447.3
v1.447.4
v1.447.5
v1.447.6
v1.448.0
v1.448.1
v1.449.0
v1.449.1
v1.449.2
v1.449.3
v1.45.0
v1.450.0
v1.450.1
v1.451.0
v1.452.0
v1.452.1
v1.453.0
v1.453.1
v1.454.0
v1.454.1
v1.455.0
v1.455.1
v1.455.2
v1.456.0
v1.457.0
v1.457.1
v1.458.0
v1.458.1
v1.458.2
v1.458.3
v1.458.4
v1.459.0
v1.46.0
v1.46.1
v1.46.2
v1.460.0
v1.460.1
v1.461.0
v1.461.1
v1.462.0
v1.462.1
v1.462.2
v1.462.3
v1.463.0
v1.463.1
v1.463.2
v1.463.3
v1.463.4
v1.463.5
v1.463.6
v1.464.0
v1.465.0
v1.466.0
v1.466.1
v1.466.2
v1.466.3
v1.467.0
v1.467.1
v1.468.0
v1.469.0
v1.47.0
v1.47.1
v1.47.2
v1.47.3
v1.470.0
v1.470.1
v1.471.0
v1.471.1
v1.472.0
v1.472.1
v1.473.0
v1.473.1
v1.474.0
v1.475.0
v1.475.1
v1.476.0
v1.477.0
v1.477.1
v1.478.0
v1.478.1
v1.479.0
v1.479.1
v1.479.2
v1.479.3
v1.48.0
v1.48.1
v1.48.2
v1.480.0
v1.480.1
v1.481.0
v1.482.0
v1.482.1
v1.483.0
v1.483.1
v1.483.2
v1.484.0
v1.485.0
v1.485.1
v1.485.2
v1.485.3
v1.486.0
v1.486.1
v1.487.0
v1.488.0
v1.489.0
v1.49.0
v1.49.1
v1.490.0
v1.491.0
v1.491.1
v1.491.2
v1.491.3
v1.491.4
v1.491.5
v1.492.0
v1.492.1
v1.493.0
v1.493.1
v1.493.2
v1.493.3
v1.493.4
v1.494.0
v1.495.0
v1.495.1
v1.496.0
v1.496.1
v1.496.2
v1.496.3
v1.497.0
v1.497.1
v1.497.2
v1.498.0
v1.499.0
v1.50.0
v1.500.0
v1.500.1
v1.500.2
v1.500.3
v1.501.0
v1.501.1
v1.501.2
v1.501.3
v1.501.4
v1.502.0
v1.502.1
v1.502.2
v1.503.0
v1.503.1
v1.503.2
v1.503.3
v1.504.0
v1.505.0
v1.505.1
v1.505.2
v1.505.3
v1.505.4
v1.506.0
v1.507.0
v1.507.1
v1.507.2
v1.508.0
v1.509.0
v1.509.1
v1.509.2
v1.51.0
v1.510.0
v1.510.1
v1.511.0
v1.512.0
v1.513.0
v1.513.1
v1.514.0
v1.514.1
v1.515.0
v1.515.1
v1.516.0
v1.517.0
v1.518.0
v1.518.1
v1.518.2
v1.519.0
v1.519.1
v1.519.2
v1.52.0
v1.520.0
v1.520.1
v1.521.0
v1.522.0
v1.522.1
v1.523.0
v1.524.0
v1.525.0
v1.526.0
v1.526.1
v1.527.0
v1.527.1
v1.528.0
v1.529.0
v1.53.0
v1.530.0
v1.531.0
v1.532.0
v1.533.0
v1.533.1
v1.534.0
v1.534.1
v1.535.0
v1.536.0
v1.537.0
v1.537.1
v1.538.0
v1.539.0
v1.539.1
v1.54.0
v1.540.0
v1.540.1
v1.540.2
v1.541.0
v1.541.1
v1.542.0
v1.542.1
v1.542.2
v1.542.3
v1.542.4
v1.543.0
v1.544.0
v1.544.1
v1.544.2
v1.545.0
v1.546.0
v1.546.1
v1.547.0
v1.548.0
v1.548.1
v1.548.2
v1.548.3
v1.549.0
v1.549.1
v1.55.0
v1.550.0
v1.551.0
v1.551.1
v1.551.2
v1.551.3
v1.551.4
v1.552.0
v1.552.1
v1.553.0
v1.554.0
v1.554.1
v1.555.0
v1.555.1
v1.555.2
v1.556.0
v1.556.1
v1.557.0
v1.558.0
v1.558.1
v1.559.0
v1.56.0
v1.56.1
v1.560.0
v1.561.0
v1.562.0
v1.563.0
v1.563.1
v1.563.2
v1.563.3
v1.563.4
v1.564.0
v1.565.0
v1.566.0
v1.566.1
v1.567.0
v1.567.1
v1.567.2
v1.567.3
v1.568.0
v1.569.0
v1.57.0
v1.57.1
v1.570.0
v1.571.0
v1.572.0
v1.572.1
v1.572.2
v1.573.0
v1.573.1
v1.573.2
v1.573.3
v1.573.4
v1.573.5
v1.574.0
v1.574.1
v1.574.2
v1.574.3
v1.575.0
v1.575.1
v1.575.2
v1.575.3
v1.575.4
v1.576.0
v1.576.1
v1.576.2
v1.576.3
v1.577.0
v1.578.0
v1.579.0
v1.579.1
v1.579.2
v1.58.0
v1.580.0
v1.581.0
v1.581.1
v1.582.0
v1.582.1
v1.582.2
v1.583.0
v1.583.1
v1.583.2
v1.583.3
v1.584.0
v1.585.0
v1.585.1
v1.586.0
v1.587.0
v1.587.1
v1.588.0
v1.589.0
v1.589.1
v1.589.2
v1.589.3
v1.59.0
v1.590.0
v1.591.0
v1.591.1
v1.591.2
v1.591.3
v1.591.4
v1.592.0
v1.592.1
v1.593.0
v1.593.1
v1.594.0
v1.595.0
v1.596.0
v1.597.0
v1.597.1
v1.598.0
v1.599.0
v1.599.1
v1.599.2
v1.599.3
v1.6.0
v1.6.1
v1.60.0
v1.600.0
v1.600.1
v1.601.0
v1.601.1
v1.602.0
v1.603.0
v1.603.1
v1.603.2
v1.61.0
v1.61.1
v1.62.0
v1.63.0
v1.63.1
v1.63.2
v1.64.0
v1.65.0
v1.66.0
v1.66.1
v1.67.0
v1.67.1
v1.67.2
v1.67.3
v1.67.4
v1.68.0
v1.69.0
v1.69.1
v1.69.2
v1.69.3
v1.7.0
v1.70.0
v1.70.1
v1.71.0
v1.72.0
v1.73.0
v1.73.1
v1.74.0
v1.74.1
v1.74.2
v1.75.0
v1.76.0
v1.77.0
v1.78.0
v1.79.0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.80.0
v1.80.1
v1.81.0
v1.82.0
v1.83.0
v1.83.1
v1.84.0
v1.84.1
v1.85.0
v1.86.0
v1.87.0
v1.88.0
v1.88.1
v1.89.0
v1.9.0
v1.90.0
v1.91.0
v1.92.0
v1.92.1
v1.92.2
v1.93.0
v1.93.1
v1.94.0
v1.95.0
v1.95.1
v1.96.0
v1.96.1
v1.96.2
v1.96.3
v1.97.0
v1.98.0
v1.99.0