Disk Space Exhaustion Vulnerability in n8n by n8n.io
CVE-2026-58661

5.3MEDIUM

Key Information:

Vendor

N8n

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-58661?

A disk space exhaustion vulnerability exists in n8n's data-table file upload endpoint. The implementation allows authenticated users to bypass quota checks for files already written to a shared temporary directory. As a result, users can continuously upload files, leading to the accumulation of data that fills the available disk space until a cleanup process occurs. This vulnerability can significantly impact system performance and may lead to application downtime.

Affected Version(s)

n8n 0 < 2.28.0

n8n 0 < 1.123.58

n8n 2.28.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CodeByMoriarty
.