Skip to main content

n8n-workflow-builder CVE-2026-15521

| EUVDEUVD-2026-43261 LOW
Path Traversal (CWE-22)
2026-07-13 VulDB GHSA-pjp8-f5mg-f25p
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Local attack requiring low-privilege access to invoke the file endpoint; unchanged scope and partial C/I/A reflect limited traversal impact bounded by process permissions.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 13, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
Jul 13, 2026 - 02:22 NVD
4.8 (MEDIUM) 1.9 (LOW)
Analysis Generated
Jul 13, 2026 - 02:00 vuln.today

DescriptionCVE.org

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component update_node_from_file. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in makafeli n8n-workflow-builder (versions up to 0.11.0) allows a local low-privileged attacker to manipulate the filePath argument in the update_node_from_file function within build/server.cjs, enabling arbitrary file reads and writes outside the intended directory scope. A publicly available proof-of-concept exists on GitHub (issue #28), and the vendor has not responded to the coordinated disclosure. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local low-privilege account on host
Delivery
Invoke update_node_from_file server endpoint
Exploit
Supply crafted filePath with traversal sequences
Execution
Access or overwrite files outside intended directory
Impact
Exfiltrate sensitive data or tamper with application files

Vulnerability AssessmentAI

Exploitation Local access to the host running n8n-workflow-builder is required - remote network exploitation is not possible given AV:L in the CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 4.8 (Medium) is derived from a local attack vector (AV:L), low complexity (AC:L), no attack requirements (AT:N), low privileges required (PR:L), no user interaction (UI:N), and low confidentiality, integrity, and availability impact on the vulnerable system with no scope change to subsequent systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with low-level access to the host running n8n-workflow-builder - such as a developer account or a process that has achieved initial foothold - calls the update_node_from_file endpoint and supplies a crafted filePath value containing directory traversal sequences (e.g., ../../../../etc/passwd) to read sensitive system files or overwrite application files outside the intended directory. A public POC demonstrating this technique is available at GitHub issue #28, reducing the skill required for exploitation.
Remediation No vendor-released patch identified at time of analysis - the maintainer has not responded to the disclosure reported via GitHub issue #28 (https://github.com/makafeli/n8n-workflow-builder/issues/28). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15521 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy