Resource exhaustion in N8n

CVE-2026-58661

n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary…

Affected products

  • N8n — versions 0, 2.28.0, 1.123.58

Weakness classification (CWE)

References