CVE-2026-26964 Overview
CVE-2026-26964 is an Information Disclosure vulnerability affecting Windmill, an open-source developer platform for internal code including APIs, background jobs, workflows, and UIs. The vulnerability allows non-admin users to obtain Slack OAuth client secrets through the workspace settings API endpoint, which should only be accessible to workspace administrators.
Critical Impact
Authenticated non-admin users can access Slack OAuth client secrets via the /api/w/{workspace}/workspaces/get_settings endpoint, potentially leading to unauthorized access to Slack integrations and OAuth token theft.
Affected Products
- Windmill versions 1.634.6 and below
Discovery Timeline
- 2026-02-20 - CVE-2026-26964 published to NVD
- 2026-02-20 - Last updated in NVD database
Technical Details for CVE-2026-26964
Vulnerability Analysis
This vulnerability stems from improper access control in Windmill's workspace settings retrieval functionality. The GET /api/w/{workspace}/workspaces/get_settings endpoint returns the slack_oauth_client_secret to any authenticated workspace member, regardless of their administrative privileges.
While it is expected behavior for non-admin users to see a redacted version of workspace settings (as some settings are necessary for the frontend to function correctly for all users), the Slack OAuth configuration should have been excluded from non-admin responses. This represents a legacy issue where the setting was stored as a plain value instead of using $variable indirection, and it was never added to the redaction logic.
Root Cause
The root cause is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability exists because the Slack OAuth client secret was stored as a plain value rather than using variable indirection, and the field was never added to the redaction logic that should strip sensitive fields for non-admin users when returning workspace settings.
Attack Vector
The attack is network-based and requires low complexity to exploit. An attacker needs to be an authenticated workspace member (non-admin) to access the vulnerable endpoint. The attack flow involves:
- An authenticated non-admin user makes a GET request to /api/w/{workspace}/workspaces/get_settings
- The API returns the full workspace settings including the slack_oauth_client_secret field
- The attacker obtains the Slack OAuth client secret which can be used to impersonate the application's Slack integration
use hex;
use sha2::{Digest, Sha256};
use std::collections::{HashMap, HashSet};
+use strum::IntoEnumIterator;
use uuid::Uuid;
-use strum::{IntoEnumIterator};
use windmill_audit::audit_oss::{audit_log, AuditAuthorable};
use windmill_audit::ActionKind;
use windmill_common::db::UserDB;
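Review bot: this hunk only relocates the `strum::IntoEnumIterator` import (dropping the redundant braces around a single item) and contains none of the redaction change the advisory describes, so a reader cannot verify the fix from these lines; the hunk that adds `slack_oauth_client_secret` to the non-admin stripping logic of the get_settings handler should be quoted here instead of, or alongside, this import reorder.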
Source: GitHub Commit Changes
Detection Methods for CVE-2026-26964
Indicators of Compromise
- Unusual API requests to /api/w/{workspace}/workspaces/get_settings from non-admin users
- Unexpected access patterns to workspace configuration endpoints
- Slack OAuth token usage from unrecognized IP addresses or locations
Detection Strategies
- Monitor API access logs for GET /api/w/{workspace}/workspaces/get_settings requests from non-administrative user accounts
- Implement alerting on bulk or automated requests to workspace settings endpoints
- Review Slack OAuth activity logs for signs of unauthorized application impersonation
Monitoring Recommendations
- Enable detailed logging for all workspace settings API endpoints
- Configure alerts for non-admin users accessing sensitive configuration endpoints
- Monitor Slack integration activity for anomalous behavior or unauthorized access patterns
How to Mitigate CVE-2026-26964
Immediate Actions Required
- Upgrade Windmill to version 1.635.0 or later immediately
- Rotate all Slack OAuth client secrets that may have been exposed
- Audit access logs to determine if the vulnerability was exploited
- Review workspace user permissions and remove unnecessary access
Patch Information
Windmill has released version 1.635.0 which addresses this vulnerability. The fix ensures that slack_oauth_client_secret is properly stripped from the get_settings response for non-admin users. For detailed patch information, refer to the GitHub Security Advisory GHSA-f27g-j463-q85w and the GitHub Release v1.635.0.
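As an added illustration (not Windmill's code) of the root cause described under Technical Details and of the fix described above, the Rust below models the get_settings redaction path: a deny list that omits the Slack secret, the patched list, and a fail-closed allow-list alternative. The settings keys other than slack_oauth_client_secret, the values, and the function names are constructed for this example.

```rust
// Added example, not Windmill's code: a simplified model of the get_settings
// redaction path, showing the deny-list omission that caused the leak, the
// patched deny-list, and a fail-closed allow-list alternative.
use std::collections::BTreeMap;

/// Settings row stand-in. Keys other than `slack_oauth_client_secret` are constructed.
pub type Settings = BTreeMap<&'static str, String>;

pub fn sample_settings() -> Settings {
    Settings::from([
        ("workspace_id", "demo-ws".to_string()),                     // constructed
        ("slack_name", "demo-team".to_string()),                     // constructed
        ("legacy_secret", "already-redacted".to_string()),           // constructed: on the old list
        ("slack_oauth_client_secret", "sk-constructed".to_string()), // constructed value
    ])
}

/// Shared filter: admins see everything, non-admins lose keys on the deny list.
fn strip(settings: &Settings, is_admin: bool, deny: &[&str]) -> Settings {
    settings
        .iter()
        .filter(|&(k, _)| is_admin || !deny.contains(k))
        .map(|(k, v)| (*k, v.clone()))
        .collect()
}

/// Pre-fix behaviour (assumed shape): a deny list exists, but the Slack secret
/// was never added to it, so it reaches any authenticated member (CWE-200).
pub fn get_settings_vulnerable(settings: &Settings, is_admin: bool) -> Settings {
    strip(settings, is_admin, &["legacy_secret"])
}

/// Post-fix behaviour, as the advisory describes it: the secret is on the list.
pub fn get_settings_fixed(settings: &Settings, is_admin: bool) -> Settings {
    strip(settings, is_admin, &["legacy_secret", "slack_oauth_client_secret"])
}

/// Fail-closed variant: non-admins get only the fields the frontend needs, so a
/// field added later without a redaction entry is hidden by default.
pub fn get_settings_allow_list(settings: &Settings, is_admin: bool) -> Settings {
    const NON_ADMIN_VISIBLE: &[&str] = &["workspace_id", "slack_name"]; // constructed
    settings
        .iter()
        .filter(|&(k, _)| is_admin || NON_ADMIN_VISIBLE.contains(k))
        .map(|(k, v)| (*k, v.clone()))
        .collect()
}
```

The deny-list shape fails open whenever a new sensitive column is added without a matching redaction entry, which is exactly what happened here; the allow-list shape fails closed.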
Workarounds
- Restrict workspace membership to only trusted users until the patch can be applied
- Temporarily disable Slack integration if not critical to operations
- Use network segmentation to limit access to Windmill API endpoints
- Implement additional authentication layers for sensitive configuration endpoints
# Upgrade Windmill to patched version
# Using Docker:
docker pull ghcr.io/windmill-labs/windmill:1.635.0
# Or update your deployment configuration to reference v1.635.0
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

