Path traversal in n8n - #VU132384

 

Published: May 27, 2026


Vulnerability identifier: #VU132384
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: n8n
Affected software:
n8n

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to path traversal in the Git node Clone and Push operations when processing user-supplied repository paths. A remote user can supply a local filesystem path as the source or target repository to disclose sensitive information.

Only users with permission to create or modify workflows can exploit this issue, and the issue bypasses the N8N_RESTRICT_FILE_ACCESS_TO file sandbox.
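As a defensive illustration of the missing check, the sketch below classifies a repository argument as remote or local and accepts a local one only when it resolves under an allowlisted directory. It is an added example, not n8n's code or the vendor's fix. The names `checkRepoArg`, `canonical` and `isInside` and the root `/srv/n8n-example/repos` are hypothetical, and POSIX paths are assumed.

```javascript
const fs = require('node:fs');
const path = require('node:path');
const { fileURLToPath } = require('node:url');

const REMOTE_SCHEMES = /^(?:https?|ssh|git):\/\//i;
// scp-like "user@host:path"; the lookahead keeps "scheme://" and "x::" forms out
const SCP_LIKE = /^(?:[\w.-]+@)?[\w.-]+:(?!\/\/|:)/;

// Resolve symlinks on the deepest existing ancestor, so a clone destination
// that does not exist yet is still checked against its real parent directory.
function canonical(p) {
  let abs = path.resolve(p);
  let tail = '';
  for (;;) {
    try {
      return path.join(fs.realpathSync(abs), tail);
    } catch {
      const parent = path.dirname(abs);
      if (parent === abs) return path.join(abs, tail);
      tail = path.join(path.basename(abs), tail);
      abs = parent;
    }
  }
}

function isInside(root, target) {
  const rel = path.relative(root, target);
  return rel === '' || (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// Classify a repository argument and, if it names the local filesystem,
// require it to sit under one of allowedRoots (deny by default).
function checkRepoArg(arg, allowedRoots, cwd = process.cwd()) {
  if (REMOTE_SCHEMES.test(arg)) return { kind: 'remote', allowed: true };
  let local = arg;
  if (/^file:/i.test(arg)) {
    try {
      local = fileURLToPath(arg);
    } catch {
      return { kind: 'local', allowed: false }; // malformed or host-bearing file URL
    }
  } else if (SCP_LIKE.test(arg)) {
    return { kind: 'remote', allowed: true };
  }
  const target = canonical(path.resolve(cwd, local));
  const allowed = allowedRoots.some((root) => isInside(canonical(root), target));
  return { kind: 'local', allowed, target };
}
```

Anything that is not a recognised remote form is treated as a local path and denied unless it falls under an allowed root, so unknown transports fail closed.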


Remediation

Install the security update from the vendor's website.
