CVE-2026-56352 in n8ninfo

Zusammenfassung

von MITRE • 15.07.2026

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the REST API. An authenticated user with permission to create or modify workflows can supply an arbitrary file path to bypass the N8N_RESTRICT_FILE_ACCESS_TO restriction and determine whether arbitrary files exist on the host; where the targeted path contains a valid workflow JSON file, that file can additionally be loaded and executed.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

VulnCheck

Reservieren

20.06.2026

Veröffentlichung

15.07.2026

Moderieren

akzeptiert

Eintrag

VDB-379221

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!