A vulnerability has been found in makafeli n8n-workflow-builder up to 0.11.0 and classified as critical. Affected is an unknown function of the file build/server.cjs of the component update_node_from_file. The manipulation of the argument filePath leads to path traversal.
This vulnerability is traded as CVE-2026-15521. An attack has to be approached locally. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.