Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-58661
Analyzed
More InfoOfficial Page
Source-disclosure@vulncheck.com
View Known Exploited Vulnerability (KEV) details
Published At-10 Jul, 2026 | 15:16
Updated At-13 Jul, 2026 | 16:57

n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
N/A
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

n8n
n8n
>>n8n>>Versions before 1.123.58(exclusive)
cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*
n8n
n8n
>>n8n>>Versions before 1.123.58(exclusive)
cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*
n8n
n8n
>>n8n>>Versions from 2.0.0(inclusive) to 2.28.0(exclusive)
cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:*
n8n
n8n
>>n8n>>Versions from 2.0.0(inclusive) to 2.28.0(exclusive)
cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-770Secondarydisclosure@vulncheck.com
CWE ID: CWE-770
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/n8n-io/n8n/security/advisories/GHSA-w867-jm58-p9pvdisclosure@vulncheck.com
Mitigation
Vendor Advisory
https://www.vulncheck.com/advisories/n8n-disk-space-exhaustion-via-data-table-file-upload-endpointdisclosure@vulncheck.com
Third Party Advisory
Hyperlink: https://github.com/n8n-io/n8n/security/advisories/GHSA-w867-jm58-p9pv
Source: disclosure@vulncheck.com
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://www.vulncheck.com/advisories/n8n-disk-space-exhaustion-via-data-table-file-upload-endpoint
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory
Change History
0Changes found

Details not found