9 matches found
Directory Traversal
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the ExecuteWorkflow node's localFile source option. An attacker can enumerate arbitrary files on the server host and in some instances can achieve arbitrary code execution by...
BIT-ELK-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
EUVD-2026-8873
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26938
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26938
CVE-2026-26938 concerns Kibana’s Workflows feature. The issue is an improper neutralization of special elements used in a template engine, enabling reading arbitrary files from the Kibana server filesystem and SSRF via Code Injection (CAPEC-242). It requires an authenticated user with the workflo...
CVE-2026-26938
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
Kibana 9.3.1 Security Update (ESA-2026-17)
Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery SSRF Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files...