n8n Unauthenticated File Access Vulnerability Allowing Sensitive Information Exposure

Vulnerability

A vulnerability in n8n versions through 1.65.0 allows unauthenticated remote attackers to access files on the underlying server by executing certain form-based workflows. This file access could lead to the exposure of sensitive information stored on the system and may enable further compromise, depending on the deployment configuration and workflow usage.

Impact

Exploitation of this vulnerability could result in unauthorized access to files on the server, leading to exposure of sensitive information and potential further compromise of the system, depending on the n8n deployment and workflow usage.

Remediation

Users should upgrade to n8n version 1.121.0 or later. As a temporary mitigation, restrict or disable publicly accessible webhook and form endpoints until the upgrade has been applied.

Added: Jan 8, 2026, 12:19 AM
Updated: Jan 8, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 3.3
exploitability: 7.0
remediation: 7.9
relevance: 1.9
threat: 0.1
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.