CVE-2026-54136

MEDIUMPre-NVD 0.0
0.0
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • No confirmed exploitation signals yet
CISA-KEV: Not listedEPSS: CVSS: Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

Windmill: Resource-scoped API tokens can read script contents outside their allowed path via scripts/list_search

Summary

A resource-scoped API token can read script contents outside its allowed path scope via GET /api/w/{workspace}/scripts/list_search.

This appears to be a remaining variant of the scoped-token authorization class previously addressed for other endpoints. The route-level scope middleware validates the token domain/action, but does not enforce the resource/path segment of a scope. scripts/list_search then returns script path and content for scripts in the workspace without applying per-row path filtering against the token scopes.

Affected endpoint

GET /api/w/{workspace}/scripts/list_search

Affected versions

Confirmed in the current public repository code and believed to affect the latest published release at the time of review:

<= 1.714.1

Patched version: unknown.

Details

Windmill supports scoped API tokens with scopes in the format:

{domain}:{action}[:{resource}]

The parser supports resource-scoped values such as:

scripts:read:f/allowed/*

and the codebase contains helpers for resource matching, including wildcard matching.

However, the route-level scope check used for requests with scoped API tokens only validates the route domain and action. It does not compare the token's resource/path restriction against the requested route or against the rows returned by list endpoints.

For scripts/list_search, the handler returns path and content for scripts in the workspace:

SELECT path, content from script WHERE workspace_id = $1 AND archived = false LIMIT $2

There is no additional check_scopes(...) call in the handler and no per-row filtering based on the token's resource/path scope.

As a result, a token intended to read only scripts under one path prefix may be able to read script contents from unrelated paths in the same workspace.

Source-level reproduction

  • Create or use a workspace containing at least two scripts:
  • f/allowed/script_a
  • f/private/script_b
  • Create a scoped API token intended to read only the allowed path:

scripts:read:f/allowed/*

  • Use that token to call:

GET /api/w/{workspace}/scripts/list_search

  • Expected behavior:

The response should include only scripts matching the token's resource scope, e.g. only scripts under:

f/allowed/*

  • Actual behavior from source review:

The route-level scope check accepts the request as scripts:read, and the handler returns script path and content for scripts in the workspace without filtering the rows by the token's resource scope.

This can expose script source code from paths outside the token's intended scope.

Impact

A user or integration holding a path-restricted scripts:read:{resource} token may be able to read script contents from unrelated scripts in the same workspace.

Depending on how scripts are used, this may disclose:

  • internal automation logic,
  • integration details,
  • business logic,
  • inline configuration,
  • accidentally hardcoded secrets or credentials.

This does not require admin privileges. It requires possession of a valid scoped API token for the workspace.

Related context

This appears related to the broader class of issues where route-level token scope enforcement validates domain/action but not the resource/path portion of the scope. Similar scoped-token issues appear to have been fixed for other endpoints, such as resources/variables listing and job preview/run paths, but I did not find an equivalent fix for scripts/list_search.

Suggested fix

Apply resource/path scope enforcement to scripts/list_search.

Possible approaches:

  • Add explicit handler-level authorization similar to per-resource endpoints.
  • Filter returned rows so that a scoped token only receives scripts whose path is included by at least one scripts:read:{resource} scope.
  • Add regression tests for:
  • scripts:read:f/allowed/* cannot see f/private/script_b,
  • broad scripts:read still sees all accessible scripts,
  • unscoped tokens preserve current behavior,
  • filter-tag-only tokens preserve current compatibility behavior.

A more defensive long-term fix would be to make route-level scope enforcement aware of resource/path restrictions where the route contains a concrete resource path, while list endpoints should apply per-row filtering.

CVSS v3
EG Score
0.0(none)
EPSS
KEV
Not listed

Published

July 10, 2026

Last Modified

July 10, 2026

Vendor Advisories for CVE-2026-54136(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 1× in last 7d / 1× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-10 20:12 UTCEG score recompute

Frequently asked(3)

What is CVE-2026-54136?
CVE-2026-54136 is a medium vulnerability published on July 10, 2026. Windmill: Resource-scoped API tokens can read script contents outside their allowed path via scripts/list_search Summary A resource-scoped API token can read script contents outside its allowed path scope via GET /api/w/{workspace}/scripts/list_search. This appears to be a remaining variant of the…
When was CVE-2026-54136 disclosed?
CVE-2026-54136 was first published in the National Vulnerability Database on July 10, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
How do I remediate CVE-2026-54136?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-54136, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-54136

Explore →

Is Your Infrastructure Affected by CVE-2026-54136?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.