Primary

Context

n8n Symlink Traversal Vulnerability in Read/Write File Node

Vulnerability

Patched

A symlink traversal vulnerability exists in n8n workflow automation platform versions prior to 1.106.0. The issue arises in the Read/Write File node, which inadequately manages symbolic links, allowing attackers to bypass directory restrictions and access restricted files. This vulnerability can be exploited by users who can create symlinks, such as through the Execute Command node. n8n.cloud users are not affected.

Impact

Exploitation allows unauthorized access to restricted files and directories, enabling reading from or writing to otherwise inaccessible paths.

Remediation

Users should update to n8n version 1.106.0 or later. Affected users can also disable or restrict access to the Execute Command node and avoid using the Read/Write File node on untrusted paths that could be manipulated with symlinks.

Added: Aug 20, 2025, 10:21 PM

Updated: Aug 20, 2025, 10:21 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.0

exploitability

4.9

remediation

8.3

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.0

exploitability

4.9

remediation

8.3

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

n8n Symlink Traversal Vulnerability in Read/Write File Node

Vulnerability

Impact

Remediation

Affected Products

n8n

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating