15 matches found
CVE-2026-27498
A connected PT-Security report identifies CVE-2026-27498 as a remote code execution (RCE) vulnerability affecting n8n. The excerpt confirms the vulnerability type but provides no version, root cause, exploit details, or confirmed remediation in the supplied documents. No explicit mitigations or p...
GHSA-X2MW-7J39-93XQ n8n has Arbitrary Command Execution via File Write and Git Operations
Impact An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...
EUVD-2025-25404
Malicious code in bioql PyPI...
CVE-2025-57749
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...
Symlink Attack
Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Symlink Attack via the Read/Write File node. An attacker can access restricted files by creating symbolic links that bypass directory restrictions. Remediation Upgrade n8n-core to version 1.106.0 ...
CVE-2025-57749
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...
CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...
CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...
CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...
CVE-2025-57749
n8n’s Read/Write File node is affected by a symlink traversal vulnerability disclosed for versions before 1.106.0. An attacker who can create symbolic links (e.g., via the Execute Command node) could bypass directory restrictions and read from or write to otherwise inaccessible paths. The issue d...
GHSA-GGJM-F3G4-RWMM n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...
PT-2025-34160 · N8N · N8N
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.106.0 Description: n8n is a workflow automation platform. A symlink traversal vulnerability was discovered in the Read/Write File node. The node does not properly account for symbolic links symlinks, allowing an attack...
n8n 后置链接漏洞
n8n is a scalable workflow automation tool from the n8n open source. A security vulnerability exists in n8n versions prior to 1.106.0 that stems from the presence of symbolic link traversal in the Read/Write File node, which could lead to bypassing directory restrictions...
BrightSign Digital Signage (4k242) Directory Traversal Vulnerability
The BrightSign Digital Signage 4k242 is a multimedia playback device from BrightSign USA. A directory traversal vulnerability exists in the BrightSign Digital Signage 4k242 using firmware version 6.2.63 and earlier. An attacker can exploit the vulnerability by sending the 'rp' parameter to the...