8 matches found
CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...
EUVD-2025-25785
Malicious code in bioql PyPI...
CVE-2025-55526
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...
CVE-2025-55526
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...
CVE-2025-55526
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...
CVE-2025-55526
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...
CVE-2025-55526
CVE-2025-55526 affects the n8n-workflows project. A directory traversal flaw exists in the download_workflow function inside api_server.py, allowing access to files outside the intended directory. The CVSSv3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N yields a base score of 9.1 (CRITICA...
PT-2025-34765 · Unknown · N8N-Workflows
Name of the Vulnerable Software and Affected Versions: n8n-workflows affected versions not specified Description: The software contains a directory traversal flaw within the download workflow function located in the api server.py file. This allows attackers to potentially access and manipulate...