PT-2026-6264 · N8N · N8N
Jjjutla +1 · Published 2026-02-04 · Updated 2026-02-05 · CVE-2026-25055
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
n8n versions prior to 1.123.12
n8n versions prior to 2.4.0
Description
n8n is a workflow automation platform. Before versions 1.123.12 and 2.4.0, workflows processing uploaded files and transferring them to remote servers via the SSH node lacked validation of file metadata. This could allow files to be written to unintended locations on remote systems, potentially leading to remote code execution. An attacker needs knowledge of existing workflows and unauthenticated access to file upload endpoints to exploit this issue.
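The kind of check the description says was missing, sketched as an added example (not n8n's code or its actual fix): a client-supplied file name is validated before it becomes part of a remote path. The function names, the /srv/uploads directory and the sample names are assumptions made for illustration.

```javascript
// Models how a POSIX remote host resolves an absolute path ("." and ".." segments).
function resolvePosix(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Unvalidated pattern: the client-supplied name goes straight into the path.
function naiveRemotePath(remoteDir, uploadedName) {
  return resolvePosix(remoteDir + '/' + uploadedName);
}

// Validated pattern: allowlist the name, then confirm containment.
function safeRemotePath(remoteDir, uploadedName) {
  if (typeof uploadedName !== 'string') throw new Error('missing file name');
  // One path component only: no separators, no NUL, no leading dot (so no "." or "..").
  if (!/^[A-Za-z0-9_-][A-Za-z0-9._-]{0,254}$/.test(uploadedName)) {
    throw new Error('rejected file name');
  }
  const root = resolvePosix(remoteDir);
  const target = resolvePosix(root + '/' + uploadedName);
  // Defence in depth: the resolved target must sit directly under root.
  if (target !== (root === '/' ? '' : root) + '/' + uploadedName) {
    throw new Error('path escapes target directory');
  }
  return target;
}

// Constructed sample names, as they might arrive in upload metadata.
const samples = ['report-01.pdf', '../outside.txt', 'a/b.txt', 'a\\b.txt', '.hidden', ''];
function classify(remoteDir, names) {
  return names.map((n) => {
    try { return { name: n, ok: true, path: safeRemotePath(remoteDir, n) }; }
    catch (e) { return { name: n, ok: false, reason: e.message }; }
  });
}
console.log(classify('/srv/uploads', samples));
```

Rejecting a bad name outright, rather than stripping it down to a base name, keeps the failed upload visible in the workflow's error handling and logs.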
Recommendations
Update n8n to version 1.123.12 or later.
Update n8n to version 2.4.0 or later.
Tags: Exploit, Fix, RCE, Path traversal
Affected Products
N8N