CVE-2026-15521

Summary

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component update_node_from_file. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
makafelin8n-workflow-builder0.1affected
makafelin8n-workflow-builder0.2affected
makafelin8n-workflow-builder0.3affected
makafelin8n-workflow-builder0.4affected
makafelin8n-workflow-builder0.5affected
makafelin8n-workflow-builder0.6affected
makafelin8n-workflow-builder0.7affected
makafelin8n-workflow-builder0.8affected
makafelin8n-workflow-builder0.9affected
makafelin8n-workflow-builder0.10affected
makafelin8n-workflow-builder0.11.0affected

Weaknesses

  • CWE-22: Path Traversal

References