CVE-2026-25052

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25052

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25052.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25052

Aliases

GHSA-gfvg-qv54-r4pc

Published

2026-02-04T16:47:04.444Z

Modified

2026-03-01T02:57:07.384662Z

Severity

9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator

Summary

n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

Details

n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-367"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25052.json"
}

References

Affected packages

Git / github.com/n8n-io/n8n

Affected ranges

Type: GIT
Repo: https://github.com/n8n-io/n8n
Events: Introduced

a8ecda44f7627630bc8b78cf671405157ad41c4f

Fixed

e396d6de708d2f23658c9df04f5acd3806728649

Affected versions

n8n@1.*

n8n@1.123.0

n8n@2.*

n8n@2.0.0

n8n@2.1.0

n8n@2.2.0

n8n@2.3.0

n8n@2.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25052.json"