Description
n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8N_RESTRICT_FILE_ACCESS_TO file sandbox. This allowed the contents of any local git repository accessible to the n8n process to be cloned into an allowed path and read, circumventing the access restrictions that correctly blocked direct file reads to the same paths. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.
Published: 2026-06-23
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n’s Git node allowed an authenticated user with the ability to create or modify workflows to specify a local filesystem path as the source during clone or target during push. This bypassed the N8N_RESTRICT_FILE_ACCESS_TO sandbox, enabling the service to read the contents of any local git repository accessible to the n8n process. The vulnerability could expose arbitrary files on the host, including configuration or secrets, and is classified as a directory traversal flaw (CWE-22).

Affected Systems

The issue affects n8n installations running versions prior to 1.123.48, 2.21.8, or 2.22.4 released by n8n‑io.

Risk and Exploitability

The CVSS score of 6 indicates medium severity, and the EPSS score is not available, suggesting no known high exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. An attacker must first obtain authenticated access with workflow‑creation privileges, after which they can craft a workflow to read sensitive files via the Git node, potentially exfiltrating the data. The risk is therefore moderate and limited to the scope of the n8n host environment.

Generated by OpenCVE AI on June 23, 2026 at 22:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to n8n version 1.123.48, 2.21.8, or 2.22.4 or newer to apply the fix
  • Revoke or restrict workflow‑creation and modification permissions for users who do not require them
  • Enable strict role‑based access controls and audit workflow changes to detect unauthorized modifications



Advisories
Source ID Title
Github GHSA GHSA-5xp3-2w67-427v n8n: Git Node Clone and Push Operations Bypass File Sandbox
History

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8N_RESTRICT_FILE_ACCESS_TO file sandbox. This allowed the contents of any local git repository accessible to the n8n process to be cloned into an allowed path and read, circumventing the access restrictions that correctly blocked direct file reads to the same paths. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.
Title n8n: Git Node Clone and Push Operations Bypass File Sandbox
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N'}



MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:17:36.092Z

Reserved: 2026-05-30T04:17:43.094Z

Link: CVE-2026-49465

Vulnrichment

Updated: 2026-06-23T17:17:25.327Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T22:15:04Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')