mediumCVE-2026-58661

CVE-2026-58661 n8n vulnerability

n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host.

Productn8n
CVSS5.3
EPSS0.00235
UpdatedJuly 13, 2026

Quick answer

n8n should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

CVE-2026-58661 affects n8n: disk space exhaustion in the data-table file upload endpoint in 2.x versions before 2.28.0 and 1.x versions before 1.123.58. Update n8n to 2.28.0 or 1.123.58 on the 1.x branch. Until the upgrade is complete, limit access to authenticated upload workflows, enforce disk quotas and temporary-directory monitoring, and review upload activity for abnormal accumulation.

  1. Inventory all n8n deployments, including self-hosted, containerized, Kubernetes, and managed environments.
  2. Identify deployments running 2.x versions before 2.28.0 and 1.x versions before 1.123.58, including both community and enterprise editions.
  3. Upgrade n8n to 2.28.0 or 1.123.58 on the 1.x branch, or move to a later vendor-supported patched release.
  4. Restrict access to data-table file upload workflows to trusted users and disable unnecessary upload features until patched.
  5. Enforce host, container, and volume-level disk quotas and alerting on the shared temporary directory used by uploads.
  6. Review n8n, reverse-proxy, container, Kubernetes, and host filesystem logs for repeated upload activity related to CVE-2026-58661.
  7. Clean up accumulated temporary files only after preserving evidence if abuse is suspected, then restart affected workers or pods as needed.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm n8n reports 2.28.0 or 1.123.58 on the 1.x branch or a later vendor-supported patched release.
  • Verify authenticated users cannot repeatedly accumulate uploaded files beyond intended quota limits before cleanup runs.
  • Confirm disk usage alerts, filesystem quotas, and temporary-directory cleanup operate correctly under upload load.
  • Review logs after remediation for repeated upload attempts, disk pressure, worker restarts, or failed cleanup jobs.
  • Document patched versions, deployment names, quota settings, cleanup evidence, and any user or token actions taken.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-58661?

n8n should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

How are Fixnx security risk categories chosen?

Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.