CVE-2026-58661
Received Received - Intake

Disk Space Exhaustion in n8n Workflow Automation

Vulnerability report for CVE-2026-58661, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
n8n n8n to 2.28.0 (exc)
n8n n8n to 1.123.58 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in n8n versions before 2.28.0 (and before 1.123.58 on the 1.x branch) and involves the data-table file upload endpoint.

The issue arises because the per-request quota check does not consider files that have already been written to the shared temporary directory.

As a result, an authenticated user can repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting the available disk space on the host system.

Impact Analysis

The primary impact of this vulnerability is a denial-of-service condition caused by disk space exhaustion.

An attacker with authenticated access can repeatedly upload files, causing the temporary storage to fill up and potentially making the host system unable to function properly due to lack of disk space.

This can disrupt normal operations and availability of the affected system.

Detection Guidance

This vulnerability can be detected by monitoring disk usage in the shared temporary upload directory used by n8n. Since the issue involves accumulation of uploaded files that are not accounted for in quota checks, observing an unusual increase in disk space consumption in this directory can indicate exploitation.

Commands to detect this condition include checking disk usage and listing files in the temporary upload directory. For example:

  • Use 'du -sh /path/to/n8n/tmp' to check the total disk space used by the temporary directory.
  • Use 'ls -l /path/to/n8n/tmp' to list files and their sizes to identify accumulation.
  • Use 'df -h' to monitor overall disk space usage on the host system.

Additionally, monitoring logs for repeated file upload requests to the data-table upload endpoint by authenticated users can help detect attempts to exploit this vulnerability.

Mitigation Strategies

Immediate mitigation steps include upgrading n8n to version 2.28.0 or later (or 1.123.58 or later on the 1.x branch) where this vulnerability is fixed.

If upgrading is not immediately possible, temporary mitigations include:

  • Restrict access to the data-table file upload endpoint to trusted authenticated users only.
  • Set a low upload size limit to reduce the risk of disk space exhaustion.
  • Monitor disk usage in the temporary upload directory closely and clean up accumulated files manually if necessary.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58661. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart