183 matches found
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Impact When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key,...
EUVD-2026-15954
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no...
GHSA-43V7-FP2V-68F6 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Impact When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key,...
Authorization Bypass Through User-Controlled Key
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Source Control feature when configured to use SSH, as the SSH command disables host key verification. An attacker can intercept repository dat...
CVE-2026-33724
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
CVE-2026-33724
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
CVE-2026-33724
n8n's CVE-2026-33724 affects the Source Control SSH workflow in n8n before version 2.5.0. When SSH is configured for git operations, the host key verification was disabled, allowing a network attacker between the n8n instance and the remote Git server to present a fraudulent host key and potentia...
n8n 安全漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the disabling of host key verification during SSH operations related to source control, which could lead to...
PT-2026-28085
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.5.0 Description n8n is a workflow automation platform. When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker...
CVE-2026-29185 @backstage/integration: Potential reading of SCM URLs using built in token
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...
CVE-2026-29185 @backstage/integration: Potential reading of SCM URLs using built in token
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...
CVE-2026-29185 @backstage/integration: Potential reading of SCM URLs using built in token
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...
Backstage vulnerable to potential reading of SCM URLs using built in token
Impact A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...
Directory Traversal
Overview @backstage/integration is a Helpers for managing integrations towards external systems Affected versions of this package are vulnerable to Directory Traversal via the SCM URL parsing. An attacker can access unauthorized SCM provider API endpoints by supplying specially crafted SCM URLs...
PT-2026-23440
Name of the Vulnerable Software and Affected Versions Backstage versions prior to 1.20.1 Description Backstage is a framework for building developer portals. A flaw in how Backstage handles SCM URLs within integrations permitted path traversal sequences, even when encoded. This allowed requests t...
EPSON ESC/POS 访问控制错误漏洞
EPSON ESC/POS is a protocol used by the Japanese company EPSON for controlling POS printers. EPSON ESC/POS has a vulnerability related to access control. This vulnerability stems from the lack of user authentication and command authorization mechanisms, no control over network communication sourc...
pnpm post-link vulnerability
PNPM is a package manager developed by the open-source project Pnpm. Prior to version 10.28.2, Pnpm had a backlink vulnerability. This vulnerability stemmed from the use of symbolic links when installing dependencies via file: or git:. Such practices could lead to local data leaks...