n8n Node.js Package < 1.123.12 / 2.x < 2.4.0 Arbitrary File Write via SSH Node (CVE-2026-25055)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.12, or 2.x prior to 2.4.0. It is, therefore, affected by an arbitrary file write vulnerability: - When workflows process uploaded files and transfer them to remote servers via the SSH node without validating the...

CVE-2026-25055

creationtimestamp| type| source ---|---|--- 2026-02-05 08:08:06+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-n8n-1 2026-02-05 22:01:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me5fc4dwzc2o 2026-02-05 22:02:17+00:00| seen|...

@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +260 more potentially affected by CVE-2026-25055 via n8n-workflow (>=2.0.0 <=2.3.1)

n8n-workflow NPM version =2.0.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-25055 Source advisory: SNYK:JS-N8NWORKFLOW-15220690...

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-25055 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-25055 Source advisory: OSV:GHSA-M82Q-59GV-MCR9...

@0xlimao/n8n-nodes-ethereum (=0.1.1), @adhiraj2486/n8n-nodes-vigorus (=1.0.8) +699 more potentially affected by CVE-2026-25055 via n8n-workflow (>=1.0.0 <=1.120.4)

n8n-workflow NPM version =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.5.2, =1.0.1, =1.0.0, =0.1.1, =0.1.4 - @arwinho/n8n-nodes-oxxa =0.1.0 - @avisaapp/n8n-nodes-avisaapp =0.1.0 - @bergetai/n8n-nodes-all =1.1.0 and more Source cves: CVE-2026-25055 Source advisory: SNYK:JS-N8NWORKFLOW-15220690...

CVE-2026-25055 n8n Arbitrary File Write on Remote Systems via SSH Node

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

CVE-2020-25055

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The persona service allows attackers who control an unprivileged SecureFolder process to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 August 2020...

CVE-2018-25055

A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...

CVE-2025-25055

Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed...

CVE-2025-25055

CVE-2025-25055 is a vulnerability in FileMegane (JIP InfoBridge) affecting versions above 1.0.0.0 and below 3.4.0.0. Root cause: authentication bypass by spoofing, enabling user impersonation and access to restricted file contents. Affected component: FileMegane server/authentication flow. Impact...

CVE-2025-25055

Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed...

CVE-2023-25055

Cross-Site Request Forgery CSRF vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin = 2.6.1 versions...

CVE-2023-25055 WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin = 2.6.1 versions...

CVE-2023-25055

CVE-2023-25055 is a CSRF vulnerability in the WordPress plugin Google XML Sitemap for Videos (versions &lt;= 2.6.1). The issue stems from cross-site requests made by unauthenticated users to sitemap-related actions (e.g., video_sitemap_generate) that can be triggered through normal user interacti...

CVE-2023-25055 WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin = 2.6.1 versions...

WordPress Google XML Sitemap for Videos Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Google XML Sitemap for Videos Type Plugin Vulnerable versions = 2.6.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25055 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7a021f843b5d Credits Mika...

CVE-2018-25055

A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...

CVE-2018-25055 FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting

A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...

CVE-2018-25055

CVE-2018-25055 concerns FarCry Solr Pro Plugin (up to 1.5.x). The vulnerability lies in the Search Handler’s packages/forms/solrProSearch.cfc and the manipulation of the suggest ion argument, which enables cross-site scripting. It can be exploited remotely. Upgrading to version 1.6.0 addresses th...

CVE-2021-25055 FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)

The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting XSS within the "visibility" parameter...