CVE-2026-15521
Received Received - Intake

Path Traversal in makafeli n8n-workflow-builder

Vulnerability report for CVE-2026-15521, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component update_node_from_file. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
makafeli n8n-workflow-builder to 0.11.0 (inc)
makafeli n8n to 2.21.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability allows an attacker with local access to perform arbitrary local file reads through the update_node_from_file tool by manipulating the filePath argument. This can lead to unauthorized disclosure of sensitive information such as configuration files, secrets, or source code embedded into n8n workflows and retrievable via the n8n API.

Such unauthorized access and potential exposure of sensitive data could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information.

However, the vulnerability requires local access and the exploit is not remotely exploitable, which may limit the scope of compliance impact depending on the deployment environment and access controls in place.

Executive Summary

CVE-2026-15521 is a vulnerability in the makafeli n8n-workflow-builder, specifically in the update_node_from_file component. It allows an attacker with local access to manipulate the filePath argument to perform a path traversal attack. This means the attacker can cause the system to read arbitrary local text files and embed their contents into n8n workflow nodes.

The vulnerability arises because the update_node_from_file tool does not restrict or validate the filePath argument, allowing any local file accessible to the MCP server process to be read. The file content is then inserted into a workflow node parameter and saved, making the sensitive data retrievable via the n8n API.

This issue is particularly dangerous in environments where AI assistants or automated tools use the MCP server, as untrusted input could be exploited to read sensitive files such as configuration files, secrets, or source code.

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access to read arbitrary local files on the server running the n8n-workflow-builder MCP server. Sensitive information such as configuration files, secrets, or source code could be exposed.

The attacker can embed the contents of these files into n8n workflow nodes, which can then be retrieved through the n8n API or workflow functionality, potentially leading to data leakage.

In environments where AI assistants automate workflow management, this vulnerability could be exploited to manipulate the assistant into reading and exposing sensitive data without direct user interaction.

Detection Guidance

This vulnerability involves the `update_node_from_file` tool in the n8n-workflow-builder which allows arbitrary local file reads via an uncontrolled `filePath` argument. Detection involves monitoring or testing for unauthorized or unexpected local file read attempts through this tool.

Since the exploit requires local access and involves the MCP client calling `update_node_from_file` with a crafted file path, detection can be done by checking logs or monitoring calls to this function for suspicious file paths.

You can attempt to detect exploitation by running commands or scripts that simulate the exploit locally, for example, by invoking the `update_node_from_file` with a known sensitive file path and checking if the file content is embedded into a workflow node.

  • Check logs or audit trails for calls to `update_node_from_file` with unexpected or absolute file paths.
  • Use a proof-of-concept script similar to the one described in Resource 1 to test if local file reads are possible.
  • Monitor the n8n workflow nodes for unexpected content that may indicate embedded local file data.
Mitigation Strategies

Immediate mitigation steps include restricting local access to the MCP server and the `update_node_from_file` tool to trusted users only, since the attack requires local access.

Avoid running the vulnerable versions of n8n-workflow-builder (up to 0.11.0) and n8n (up to 2.21.7) in untrusted environments or without proper access controls.

Monitor and audit usage of the `update_node_from_file` tool to detect any suspicious file path arguments.

Consider disabling or restricting the `update_node_from_file` functionality until a patch or official fix is released.

Apply principle of least privilege to the MCP server process to limit file system access and prevent reading sensitive files.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15521. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart