n8n Node.js Package < 1.123.12 / 2.x < 2.4.0 Arbitrary File Write via SSH Node (CVE-2026-25055)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.12, or 2.x prior to 2.4.0. It is, therefore, affected by an arbitrary file write vulnerability: - When workflows process uploaded files and transfer them to remote servers via the SSH node without validating the...