CVE-2026-25055

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25055

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25055.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25055

Aliases

GHSA-m82q-59gv-mcr9

Published

2026-02-04T16:47:47.239Z

Modified

2026-03-01T02:57:08.790991Z

Severity

7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H CVSS Calculator

Summary

n8n Arbitrary File Write on Remote Systems via SSH Node

Details

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25055.json"
}

References

Affected packages

Git / github.com/n8n-io/n8n

Affected ranges

Type: GIT
Repo: https://github.com/n8n-io/n8n
Events: Introduced

a8ecda44f7627630bc8b78cf671405157ad41c4f

Fixed

d222a6a7ce721eec15bb81205d55fa0c02dbf416

Affected versions

n8n@1.*

n8n@1.123.0

n8n@2.*

n8n@2.0.0

n8n@2.1.0

n8n@2.2.0

n8n@2.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25055.json"