CVE-2026-25055

HIGH

n8n < 1.123.12 and 2.0.0-2.4.0 - Unauthenticated Path Traversal and Remote Code Execution via SSH Node File Transfer

Title source: llm

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9

Scores

CVSS v3 8.1

EPSS 0.0017

EPSS Percentile 37.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

n8n/n8n < 1.123.12

npm/n8n 2.0.0 - 2.4.0npm

Published Feb 04, 2026

Tracked Since Feb 18, 2026