2 matches found
EUVD-2026-44625
n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...
Directory Traversal
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the ExecuteWorkflow node's localFile source option. An attacker can enumerate arbitrary files on the server host and in some instances can achieve arbitrary code execution by...