Critical

Arbitrary File Read in n8n File Access Controls

IdentifiersCVE-2026-25052CWE-367· Time-of-check Time-of-use (TOCTOU)…

CVE-2026-25052 is a critical arbitrary file read vulnerability in n8n, the open-source workflow automation platform. In n8n versions prior to 1.123.18 and 2.5.0, insufficient file access controls on internal resources allow an authenticated user with permission to create or modify workflows to read sensitive files from the underlying n8n host system. The issue is described as a file access control weakness and is mapped in the provided source material to CWE-367. By abusing workflow-capable functionality, an attacker can access host-resident files containing sensitive configuration data and credentials, breaking the intended isolation between workflows and the host environment.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a low-privileged authenticated user with workflow creation or modification rights to read sensitive files from the n8n host. Exposed data may include critical configuration information, secrets, and user credentials. The disclosed material can be used for follow-on compromise, including complete account takeover of any user on the affected n8n instance, and may facilitate broader compromise of connected services depending on what secrets are stored on the host.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict workflow creation and editing permissions to fully trusted users only. Additionally, restrict or disable filesystem-interacting nodes, especially the "Read/Write Files from Disk" and "Git" nodes, in line with n8n guidance on blocking nodes. These measures reduce exposure but do not eliminate the vulnerability.

Remediation

Patch, then assume compromise.

Upgrade n8n to a fixed release. The issue is patched in n8n 1.123.18 and 2.5.0. Deploy 1.123.18 or later on the 1.x branch, or 2.5.0 or later on the 2.x branch.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

N8nN8napplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app

upwind blogNews

Feb 5, 2026

Six n8n CVEs Disclosed in One Day Expose Workflow Security Risks - Upwind

A critical arbitrary file read vulnerability in n8n caused by insufficient access controls on internal resources/APIs, allowing authenticated workflow users to read sensitive host files and configuration.

the hacker newsNews

Feb 5, 2026

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Authenticated TOCTOU flaw in n8n file access controls enabling sensitive file read and potentially full account takeover.

the hacker newsNews

Feb 5, 2026

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

TOCTOU flaw in n8n file access controls allowing authenticated workflow authors to read sensitive host files, potentially leading to full account takeover on the instance.

cvefeed high severityNews

Feb 4, 2026

CVE-2026-25052 - n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

An authenticated file access control weakness in n8n that allows users who can create/modify workflows to read sensitive files on the host, potentially exposing configuration and credentials and enabling full account takeover.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4