Description
n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Fri, 10 Jul 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host. | |
| Title | n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint | |
| First Time appeared |
N8n
N8n n8n |
|
| Weaknesses | CWE-770 | |
| CPEs | cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
N8n
N8n n8n |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-10T13:58:01.635Z
Reserved: 2026-07-01T21:54:37.946Z
Link: CVE-2026-58661
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses