{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T14:00:17.315","vulnerabilities":[{"cve":{"id":"CVE-2025-49595","sourceIdentifier":"security-advisories@github.com","published":"2025-07-03T13:15:28.690","lastModified":"2025-09-04T16:49:06.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, effecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0."},{"lang":"es","value":"n8n es una plataforma de automatización de flujos de trabajo. Antes de la versión 1.99.0, existía una vulnerabilidad de denegación de servicio en el endpoint /rest/binary-data al procesar URIs de sistemas de archivos vacías (filesystem:// o filesystem-v2://). Esto permitía a atacantes autenticados provocar la indisponibilidad del servicio mediante solicitudes de URI de sistemas de archivos malformadas, lo que afectaba al endpoint /rest/binary-data y a las instancias de n8n.cloud (respuestas HTTP/2 con tiempo de espera 524 confirmadas). Los atacantes podían explotar esto enviando solicitudes GET con URIs de sistemas de archivos vacías (filesystem:// o filesystem-v2://) al endpoint /rest/binary-data, lo que provocaba el agotamiento de recursos y la interrupción del servicio. Este problema se ha corregido en la versión 1.99.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.99.0","matchCriteriaId":"4A5FBC4C-F10F-424D-82D6-039910014EEA"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/commit/43c52a8b4f844e91b02e3cc9df92826a2d7b6052","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/n8n-io/n8n/pull/16229","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-pr9r-gxgp-9rm8","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]}]}}]}