Back to overview

CVE-2026-56352

MEDIUM
6.4
CVSS 3.1
Description
n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the REST API. An authenticated user with permission to create or modify workflows can supply an arbitrary file path to bypass the N8N_RESTRICT_FILE_ACCESS_TO restriction and determine whether arbitrary files exist on the host; where the targeted path contains a valid workflow JSON file, that file can additionally be loaded and executed.

Metadata

CVE ID
CVE-2026-56352
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-20 18:13 UTC
Published
2026-07-15 11:25 UTC
Last updated
2026-07-15 13:49 UTC
Primary CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory …
Vendor / Product
n8n / n8n
Sources
cve.org  ·  NVD

Severity & Metrics

6.4 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
n8n n8n 0 < 2.19.3, 2.19.3
n8n n8n 0 < 2.19.3, 2.19.3
Weakness (CWE)
CWESourceDescription
CWE-22 cna Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS scores (2)
ScoreSeverityVersionSourceVector
6.4 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
References (2)
Back to overview