6 matches found
CVE-2026-49465
n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...
EUVD-2026-38484
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leadi...
CVE-2026-44790 n8n: Arbitrary File Read via Git Node
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leadi...
CVE-2026-49465
Summary (CVE-2026-49465) : The n8n open source workflow automation platform before versions 1.123.48, 2.21.8, and 2.22.4 is affected. An authenticated user with permission to create or modify workflows could pass a local filesystem path as the source repository in the Git node’s Clone operation, ...
n8n: Git Node Clone and Push Operations Bypass File Sandbox
Impact An authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8NRESTRICTFILEACCESSTO file sandbox. This allowed the...
GHSA-57G9-58C2-XJG3 n8n Has an Arbitrary File Read via Git Node
Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...