CVE-2026-25056

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25056

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25056.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25056

Aliases

GHSA-hv53-3329-vmrm

Published

2026-02-04T16:47:55.170Z

Modified

2026-02-06T22:20:15.399584Z

Severity

9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator

Summary

n8n Arbitrary File Write leading to RCE in n8n Merge Node

Details

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.

Database specific

{
    "cwe_ids": [
        "CWE-434",
        "CWE-693"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25056.json"
}

References

Affected packages

Git / github.com/n8n-io/n8n

Affected ranges

Type: GIT
Repo: https://github.com/n8n-io/n8n
Events: Introduced

a8ecda44f7627630bc8b78cf671405157ad41c4f

Fixed

d222a6a7ce721eec15bb81205d55fa0c02dbf416

Affected versions

n8n@1.*

n8n@1.123.0

n8n@2.*

n8n@2.0.0

n8n@2.1.0

n8n@2.2.0

n8n@2.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25056.json"