Lucene search
K

58 matches found

OSV
OSV
added 2026/04/09 2:16 p.m.4 views

DEBIAN-CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS5.5AI score0.00583EPSS
Exploits1References1
NVD
NVD
added 2026/04/09 2:16 p.m.3 views

CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS0.00583EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/04/09 2:16 p.m.9 views

CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS5.8AI score0.00583EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 1:47 p.m.5 views

CVE-2026-4660

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS6AI score0.00583EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/09 1:47 p.m.2 views

CVE-2026-4660 Go-getter may allow to arbitrary filesystem reads through git operations

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package...

7.5CVSS6AI score0.00583EPSS
Exploits1References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/04/09 1:23 p.m.8 views

Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

7.5CVSS6.1AI score0.00583EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

HashiCorp go-getter 安全漏洞

HashiCorp go-getter is a Go golang library from the American company HashiCorp, used to download files or directories using URLs as the main input format from various sources. HashiCorp go-getter versions prior to v1.8.5 contained a security vulnerability that allowed arbitrary files to be read...

7.5CVSS7.4AI score0.00583EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.6 views

CVE-2026-33724

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 6:26 p.m.4 views

CVE-2026-33724

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/25 6:26 p.m.35 views

CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

6.3CVSS0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9CVSS6.3AI score0.00718EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 11:16 p.m.7 views

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9CVSS0.00718EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/25 10:42 p.m.3 views

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9CVSS6.3AI score0.00718EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 10:42 p.m.3 views

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9CVSS6.3AI score0.00718EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/25 10:42 p.m.23 views

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9CVSS0.00718EPSS
Exploits0References5
OSV
OSV
added 2026/02/25 10:42 p.m.8 views

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9CVSS6.5AI score0.00718EPSS
Exploits0References7
CVE
CVE
added 2026/02/25 10:42 p.m.21 views

CVE-2026-27498

A connected PT-Security report identifies CVE-2026-27498 as a remote code execution (RCE) vulnerability affecting n8n. The excerpt confirms the vulnerability type but provides no version, root cause, exploit details, or confirmed remediation in the supplied documents. No explicit mitigations or p...

9CVSS6.3AI score0.00718EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/02/25 9:54 p.m.4 views

Arbitrary Code Injection

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and...

9CVSS6.2AI score0.00718EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/25 9:54 p.m.7 views

EUVD-2026-8760

n8n has Arbitrary Command Execution via File Write and Git Operations...

9CVSS5.4AI score0.00718EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/25 9:54 p.m.2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and triggering a git operation. This is onl...

9CVSS6.2AI score0.00718EPSS
Exploits0References2
Rows per page
Query Builder