SB2026020673 - Multiple vulnerabilities in n8n
Published: February 6, 2026 Updated: April 30, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Path traversal (CVE-ID: CVE-2026-25055)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the SSH node. A remote attacker can send a specially crafted HTTP request and upload arbitrary files on the system.
2) Improper Authentication (CVE-ID: CVE-2026-33665)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to gain full access to another user's account.
The vulnerability exists due to improper authentication in LDAP account linking when matching an LDAP identity to an existing local account by email during login. A remote user can set their own LDAP email attribute to match another user's email and log in to gain full access to another user's account.
LDAP authentication must be configured and active, and the account linkage persists even if the LDAP email attribute is later reverted.
Remediation
Install update from vendor's website.