{"data":{"id":"83ee678e-08f4-45dd-9d54-e1b78b772b7e","title":"GHSA-5xp3-2w67-427v: n8n: Git Node Clone and Push Operations Bypass File Sandbox","summary":"A security flaw in n8n (a workflow automation tool) allowed authenticated users to bypass file access restrictions by using the Git node's Clone and Push operations with local filesystem paths, potentially letting them read files they shouldn't have access to. The vulnerability has been patched in specific versions of n8n.","solution":"Upgrade to the fixed release for your version line: 1.123.48 or later for 1.x and earlier, 2.21.8 or later for 2.0.0-rc.0 through 2.21.x, or 2.22.4 or later for 2.22.x. Versions 2.22.0 through 2.22.3 remain affected even though they are newer than 2.21.8. If immediate upgrading is not possible, administrators can temporarily: (1) restrict workflow creation and editing permissions to fully trusted users only, or (2) disable the Git node by adding `n8n-nodes-base.git` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-5xp3-2w67-427v","publishedAt":"2026-06-16T17:37:54.000Z","cveId":"CVE-2026-49465","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.0.0-rc.0, < 2.21.8 (fixed: 2.21.8)","n8n@>= 2.22.0, < 2.22.4 (fixed: 2.22.4)","n8n@< 1.123.48 (fixed: 1.123.48)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-16T17:37:54.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":["AML.T0010"]}}