CNNVD-202602-611 Information

CNNVD ID

CNNVD-202602-611

Related CVE

CVE-2026-25055

• CNNVD Published: 2026-02-04

Description (Chinese)

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.123.12之前版本和2.4.0之前版本存在路径遍历漏洞，该漏洞源于处理上传文件时未验证元数据，可能导致文件写入意外位置和远程代码执行。

Description (English)

n8n is an expanded workflow automation tool for n8n open source. n8n 1.123.12 There is a loophole in the path before version 1.123.12 and before version 2.4.0, which results from the non-validation of metadata when processing upload files, which may lead to the writing of files into unexpected locations and remote code execution.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

n8n

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9 https://access.redhat.com/security/cve/cve-2026-25055

Patch

https://github.com/n8n-io/n8n/releases