CVE-2026-25055
BaseFortify

Publication date: 2026-02-04

Last updated on: 2026-02-05

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when a workflow processes uploaded files and transfers them to remote servers via the SSH node without validating their metadata, the files can be written to unintended locations on those remote systems, potentially leading to remote code execution there. As prerequisites, an unauthenticated attacker needs to know that such a workflow exists, and the file upload endpoint must itself be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor   Product   Version / Range
n8n      n8n       up to 1.123.12 (excluding)
n8n      n8n       from 2.0.0 (including) to 2.4.0 (excluding)
CWE
CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'): The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the n8n workflow automation platform prior to versions 1.123.12 and 2.4.0. It occurs when workflows process uploaded files and transfer them to remote servers using the SSH node without validating the files' metadata. Because of this lack of validation, files can be written to unintended locations on the remote systems.

An unauthenticated attacker who knows about the existence of such workflows and has access to unauthenticated file upload endpoints can exploit this vulnerability.

The consequence of this vulnerability can be remote code execution on the affected remote systems.


How can this vulnerability impact me?

This vulnerability can allow an unauthenticated attacker to write files to unintended locations on remote servers, potentially leading to remote code execution on those systems.

Such unauthorized file writes and remote code execution can compromise the integrity, confidentiality, and availability of the affected systems.

If you use n8n workflows that handle file uploads and transfer files via SSH nodes without proper validation, your systems could be at risk of being compromised by attackers exploiting this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade n8n to version 1.123.12 or later, or version 2.4.0 or later, where the issue has been patched.

Additionally, require authentication on file upload endpoints, since an unauthenticated upload endpoint is a prerequisite for exploiting this vulnerability.

