SB2026020673 - Multiple vulnerabilities in n8n



SB2026020673 - Multiple vulnerabilities in n8n

Published: February 6, 2026 Updated: April 30, 2026

Security Bulletin ID SB2026020673
CSH Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Path traversal (CVE-ID: CVE-2026-25055)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the SSH node. A remote attacker can send a specially crafted HTTP request and upload arbitrary files on the system.


2) Improper Authentication (CVE-ID: CVE-2026-33665)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to gain full access to another user's account.

The vulnerability exists due to improper authentication in LDAP account linking when matching an LDAP identity to an existing local account by email during login. A remote user can set their own LDAP email attribute to match another user's email and log in to gain full access to another user's account.

LDAP authentication must be configured and active, and the account linkage persists even if the LDAP email attribute is later reverted.


Remediation

Install update from vendor's website.