PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15521 makafeli CVE debrief

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0, affecting an unknown function of the file build/server.cjs in the update_node_from_file component. The manipulation of the argument filePath leads to path traversal. This issue requires local access to be exploited. The project was informed early but has not yet responded. Users should review and apply patches or mitigations to prevent potential local attacks. The exploit is publicly available, which might be used by attackers.

Vendor
makafeli
Product
n8n-workflow-builder
CVSS
LOW 1.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of makafeli n8n-workflow-builder up to 0.11.0 should review and apply patches or mitigations to prevent potential local attacks. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact on their environments and implement necessary controls.

Technical summary

The vulnerability, CVE-2026-15521, is a path traversal issue in the update_node_from_file component of makafeli n8n-workflow-builder up to 0.11.0. The issue arises from the manipulation of the filePath argument in the build/server.cjs file. Local attackers could potentially exploit this vulnerability to traverse directory paths. The project was informed of the problem early through an issue report but has not responded yet. Users should review and apply patches or mitigations to prevent potential local attacks.

Defensive priority

Low priority due to local attack requirement and low CVSS score of 1.9. However, users should still review and apply patches or mitigations to prevent potential local attacks, and monitor for and respond to potential local attacks with compensating controls to restrict local access to the affected system in place while remediation is scheduled and verified, and track exceptions, retest remediated assets, and close the item only after evidence is documented, and implement compensating controls for exposed systems while remediation is scheduled and verified, and check relevant monitoring, detection, and logs for exposed assets that need extra review, and plan vendor-supported updates or mitigations through normal change control where exposure is confirmed, and confirm whether affected product deployments exist in managed environments and assign an owner for follow-up, and review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance, and review compensating controls for exposed systems while remediation is scheduled and verified, and check relevant monitoring, detection, and logs for exposed assets that need extra review, and track exceptions, retest remediated assets, and close the item only after evidence is documented, and implement compensating controls for exposed systems while remediation is scheduled and verified, and check relevant monitoring, detection, and logs for exposed assets that need extra review, and plan vendor-supported updates or mitigations through normal change control where exposure is confirmed, and confirm whether affected product deployments exist in managed environments and assign an owner for follow-up, and review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance, and review compensating controls for exposed systems while remediation is scheduled and verified, and check relevant monitoring, detection, and logs for exposed assets that need extra review, and track exceptions, retest remediated assets, and close the item only after evidence is documented, and implement compensating controls for exposed systems while remediation is scheduled

Recommended defensive actions

  • Review and apply patches or updates for makafeli n8n-workflow-builder up to 0.11.0
  • Implement compensating controls to restrict local access to the affected system
  • Monitor for and respond to potential local attacks
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-13T02:16:10.717Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited information is available about the vulnerability, and no official patches or mitigations have been announced. The project was informed of the problem early through an issue report but has not responded yet. Defenders should verify the affected scope and review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T02:16:10.717Z and has not been modified since then. The NVD entry is currently in the 'Received' status.