PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58661 n8n CVE debrief

CVE-2026-58661 is a MEDIUM severity vulnerability in n8n, a workflow automation tool. The vulnerability is caused by a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host. This vulnerability can be mitigated by updating to version 2.28.0 or later (or 1.123.58 or later on the 1.x branch). Users of n8n should be aware of this vulnerability and take steps to mitigate it.

Vendor
n8n
Product
Unknown
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of n8n versions before 2.28.0 (and before 1.123.58 on the 1.x branch) should be aware of this vulnerability, assess their exposure, and take steps to mitigate it. This includes reviewing system configurations, monitoring for suspicious activity, and implementing compensating controls as needed.

Technical summary

The vulnerability is caused by a disk space exhaustion vulnerability in the data-table file upload endpoint of n8n, a workflow automation tool. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host. This issue can lead to denial-of-service conditions and impact the availability of services relying on n8n.

Defensive priority

Medium-High

Recommended defensive actions

  • Update n8n to version 2.28.0 or later (or 1.123.58 or later on the 1.x branch)
  • Implement monitoring to detect potential disk space exhaustion
  • Configure compensating controls to limit the impact of a potential attack
  • Review system configurations for exposed n8n deployments
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-07-10T15:16:47.987Z and was last modified on 2026-07-10T17:49:57.737Z. The NVD entry is currently Undergoing Analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability is caused by a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host. The vendor has released patches for this vulnerability, and users should update to version 2.28.0 or later (or 1.123.58 or later on the 1.x branch).

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T15:16:47.987Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.