Skip to main content

N8n

66 CVEs product

Monthly

CVE-2026-59259 MEDIUM PATCH This Month

Permission bypass in n8n's external secrets handling allows authenticated low-privilege users to exfiltrate secrets they are not authorized to access by exploiting a mismatch between the platform's static validation layer and its runtime expression engine. Affected are all n8n instances running versions before 1.123.61 (1.x branch), 2.27.4, or 2.28.1 (2.x branch) that have both an external secrets provider and Advanced Permissions configured. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the confidentiality impact is high for affected deployments given that secrets such as API keys and credentials may be fully exposed.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
6.0
CVE-2026-59254 MEDIUM PATCH This Month

Unauthorized external secret disclosure in n8n before 2.28.1 allows authenticated project editors to read plaintext secret values from external secret managers by embedding references in workflow node expressions. The flaw bypasses the intended access control model: users with project editor roles - who are not granted explicit secrets access permissions - can nonetheless resolve and exfiltrate secrets via expression syntax. No public exploit or active exploitation has been identified, but the CVSS 4.0 vector assigns SC:H (high confidentiality impact on subsequent systems), reflecting that secrets stored in downstream vaults or secret managers are fully exposed to insufficiently privileged users.

Authentication Bypass Information Disclosure N8n
NVD GitHub
CVSS 4.0
6.3
CVE-2026-56353 npm MEDIUM PATCH This Month

Authentication bypass in the n8n Chat Trigger node allows unauthenticated network access to protected webhook endpoints when the node is explicitly configured with n8n User Auth - a non-default operator setting. Affected releases span all 1.x builds before 1.123.22, the entire 2.0.0-2.9.2 range, and 2.10.0. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the CVSS 4.0 score of 6.3 with AT:P correctly reflects that real-world exposure is bounded by the non-default configuration prerequisite.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
6.3
CVE-2026-56352 npm MEDIUM PATCH This Month

File path restriction bypass in n8n before 2.19.3 allows authenticated users with workflow creation or modification rights to circumvent the N8N_RESTRICT_FILE_ACCESS_TO security boundary via a legacy REST API code path, enabling arbitrary file existence disclosure on the host filesystem. Where a targeted path contains valid workflow JSON, that file can additionally be loaded and executed by the n8n engine, potentially triggering downstream actions on all systems connected to that workflow. No public exploit or active exploitation has been identified at time of analysis, but the low complexity and broad impact on connected downstream systems make this a meaningful risk in multi-tenant or partially-trusted deployments.

Path Traversal N8n
NVD GitHub VulDB
CVSS 4.0
5.3
CVE-2026-56349 npm MEDIUM PATCH This Month

Input validation bypass in n8n's Guardrail node (versions before 2.10.0) allows end users interacting with affected workflows to circumvent AI safety guardrail instructions through crafted inputs, undermining workflow integrity. Any n8n deployment running a workflow that incorporates the Guardrail node is exposed; instances not using that node are entirely unaffected regardless of version. No public exploit code has been identified and this CVE does not appear in CISA KEV; a vendor-confirmed patch is available in n8n 2.10.0.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
6.3
CVE-2026-58661 MEDIUM PATCH This Month

Disk space exhaustion in n8n's data-table file upload endpoint allows an authenticated user to progressively fill the host's disk by repeatedly uploading files whose cumulative size is never checked against what already exists in the shared temporary directory. Affected versions span all n8n releases before 2.28.0 on the 2.x branch and before 1.123.58 on the 1.x branch. The flaw is rooted in a stateless per-request quota that ignores previously written files, enabling a low-privileged user to loop uploads between periodic cleanup cycles until disk space is exhausted, potentially disrupting the host and all co-resident services. No public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service File Upload N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56354 npm MEDIUM PATCH This Month

Stored cross-site scripting and open redirect vulnerabilities in n8n's Form Node allow authenticated users with workflow creation permissions to inject malicious scripts or phishing redirects that execute in the browsers of end users who interact with published forms. Affected across both the 1.x branch (before 1.123.24) and the 2.x branch (before 2.10.4 and 2.12.0). The attack surface is the Form Node's HTML description fields, which accept unsanitized markup, combined with an overly permissive iframe sandbox policy - creating a persistent attack vector embedded within legitimate workflows. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Open Redirect N8n
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-59209 HIGH PATCH This Week

Credential disclosure in n8n workflow automation (versions prior to 1.123.61, 2.27.4, and 2.28.1) allows an authenticated member holding use-only editor access to a shared workflow to read credential-populated HTTP headers via the $request object inside an HTTP Request node's pagination expression, then exfiltrate the secret through returned item data. This defeats n8n's credential-hiding model, which is supposed to prevent low-privilege collaborators from seeing the underlying secret values. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the EPSS/POC signals were not provided.

Information Disclosure N8n
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-59206 HIGH PATCH This Week

Privilege escalation via prototype pollution in n8n workflow automation lets an authenticated low-privilege user (holding the default workflow:create permission) corrupt Object.prototype through a crafted workflow saved, updated, or imported via the workflow API. Once polluted, subsequent unauthenticated requests are evaluated as a privileged user, exposing internal user and project listing endpoints. This is an information-disclosure and access-control flaw with no public exploit identified at time of analysis; CVSS 4.0 base score is 7.1.

Information Disclosure Prototype Pollution N8n
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-59208 HIGH PATCH This Week

Authentication bypass in n8n's external identity resolution lets an attacker impersonate other users when the instance trusts more than one token-exchange issuer. Affecting n8n before 2.27.4 and version 2.28.0, the flaw stems from resolving federated identities using only the JWT sub claim while ignoring the iss claim, so a valid token from one trusted issuer whose sub matches a victim registered under a different issuer grants full access to that victim's account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the authentication-level impact (VC:H/VI:H) makes it a meaningful account-takeover risk for multi-issuer SSO deployments.

Authentication Bypass Microsoft N8n
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.1%
CVE-2026-59207 HIGH PATCH This Week

Credential secret exfiltration in n8n (self-hosted workflow automation) prior to 2.27.4 and 2.28.1 lets a low-privilege member with use-only access to a shared credential leak that secret to an attacker-controlled server. The AI Agents feature fails to enforce the 'Allowed HTTP Request Domains' restriction when an MCP tool is aimed at an arbitrary URL, so the guardrail meant to keep secrets in-bounds is bypassed. No public exploit identified at time of analysis; risk is elevated because the abuse comes from an already-authorized internal user rather than an outside attacker.

Information Disclosure N8n
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-59257 MEDIUM PATCH This Month

SQL injection in n8n's legacy MySQL v1 node (executeQuery operation) exposes the connected MySQL database to arbitrary query execution when workflow expressions interpolate attacker-controlled input without parameterization. Versions before 1.123.61 (1.x branch), 2.27.4 (2.x branch), and 2.28.1 (2.28.x branch) are affected when workflows combine the MySQL v1 node with externally-reachable triggers such as a Webhook node. No public exploit or CISA KEV listing is identified at time of analysis; however, deployments exposing such workflows to untrusted networks face high-severity database confidentiality and integrity risk.

SQLi N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-59253 MEDIUM PATCH This Month

Improper authorization in n8n before 2.28.0 enables authenticated users to assign workflows to folders belonging to foreign projects by supplying crafted payloads during workflow creation. The flaw (CWE-639) bypasses project and folder ownership checks entirely, allowing logical integrity violations across organizational boundaries in multi-project deployments. No active exploitation is confirmed (not in CISA KEV) and no public proof-of-concept code has been identified at time of analysis, though the vendor has released a fix in version 2.28.0.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56778 npm MEDIUM PATCH This Month

Authorization bypass in n8n's Public API execution retry endpoint allows authenticated read-only users to trigger workflow executions they should not be permitted to run. The endpoint incorrectly authorizes requests against the workflow:read scope rather than the required workflow:execute scope, collapsing the intended permission boundary between read and execute access. This affects n8n instances before 2.25.7 and 2.26.x before 2.26.2 where workflows are shared across users or projects; no public exploit has been identified at time of analysis, and a vendor patch is available.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56776 npm MEDIUM PATCH This Month

{workflowId}/test-runs/new endpoint incorrectly validates the workflow:read scope instead of the required workflow:execute scope, enabling any project-level viewer to invoke the internal workflow runner without execute privileges. This results in unintended outbound API calls and data mutations to downstream connected systems - a meaningful integrity risk in multi-tenant RBAC deployments. No public exploit or CISA KEV listing exists at time of analysis.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56775 npm MEDIUM PATCH This Month

Incorrect authorization in n8n's evaluation test-run API endpoints allows authenticated project viewers to perform state-changing operations reserved for users with execute permissions. On Enterprise and Cloud deployments running Advanced Permissions with projects and viewer roles configured, an authenticated project:viewer can start new evaluation test runs, cancel in-flight runs, and delete run records for workflows they have only read access to - bypassing the intended workflow:execute scope gate. No public exploit code or CISA KEV listing exists at time of analysis, but the CVSS 4.0 score of 5.3 (PR:L) reflects the authenticated, low-complexity nature of the flaw.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56360 npm MEDIUM PATCH This Month

Webhook signature bypass in n8n's ZendeskTrigger node allows network-adjacent attackers who possess the webhook URL to inject arbitrary data into n8n workflows by sending unsigned POST requests. The ZendeskTrigger node omits the mandatory HMAC-SHA256 verification step that Zendesk's webhook security model requires, treating any inbound POST as a legitimate Zendesk event. This affects n8n v1.x before 1.123.18 and v2.x before 2.6.2; no public exploit or CISA KEV designation has been identified at time of analysis.

Authentication Bypass N8n
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-56359 npm MEDIUM PATCH This Month

Stored cross-site scripting in n8n before 2.8.0 allows authenticated low-privilege users to inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields within the credential management flow. When a victim - potentially a higher-privileged user - clicks the OAuth authorization button on the crafted credential, arbitrary scripts execute in their browser session carrying the victim's privileges. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the stored nature of the payload means a single malicious credential can be surfaced to multiple targets in collaborative n8n environments.

XSS N8n
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-71380 npm HIGH This Week

Arbitrary command execution in the n8n workflow automation platform lets authenticated users abuse the built-in Execute Command node to run OS commands directly on the host running n8n. Any user with workflow-editing access or stolen credentials can leverage this by-design node to exfiltrate data, disrupt the service, or fully compromise the underlying host, and CWE-284 (Improper Access Control) reflects that command execution is not restricted to trusted operators. Reported by VulnCheck; no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Authentication Bypass N8n
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-56777 npm MEDIUM PATCH This Month

The Python Code node in n8n allows authenticated workflow editors to bypass the AST security validator by crafting Python code that evades an incomplete blocklist (CWE-184), reaching the task executor module namespace. Affected self-hosted n8n deployments running versions before 2.25.7 or 2.26.x before 2.26.2 with the Python Task Runner enabled are exposed to environment variable disclosure when N8N_BLOCK_RUNNER_ENV_ACCESS is not set to restrict access, potentially leaking API keys, database credentials, or other secrets injected at process startup. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

Python Information Disclosure N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-56356 npm MEDIUM PATCH This Month

Stored XSS in n8n's Chat Trigger node allows authenticated workflow editors to inject JavaScript through a misconfigured sanitize-html filter in the Custom CSS field, which then executes in the browsers of every user visiting the public chat page. Affected are all 1.x releases before 1.123.27, the 2.0.0-2.13.2 range, and 2.14.0; fixed versions are 1.123.27, 2.13.3, and 2.14.1. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS 4.0 score of 5.1 reflects the authenticated prerequisite and bounded per-user impact.

XSS N8n
NVD GitHub
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-56350 npm MEDIUM POC PATCH This Month

SSO enforcement bypass in n8n before 2.8.0 allows any authenticated SSO user to disable organization-wide SSO enforcement via the API, then register a local password credential, permanently decoupling their account from the identity provider. This defeats identity-provider-enforced MFA and enables persistent access that survives SSO policy changes or user deprovisioning in the IdP. No public exploit code has been identified at time of analysis, but the technique requires only a valid SSO session and knowledge of the relevant API endpoint.

Authentication Bypass N8n
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.3%
CVE-2026-56358 npm MEDIUM PATCH This Month

Stored XSS in n8n's Form Trigger node allows any authenticated low-privilege user with workflow creation rights to inject persistent malicious scripts that execute for every visitor of a published form. Affects n8n 1.x before 1.123.25 and 2.x from 2.0.0-rc.0 before 2.11.2. No public exploit or active exploitation identified at time of analysis; the CVSS 4.0 score of 5.1 reflects partial CSP mitigation blocking session cookie theft while still permitting form hijacking and phishing against unlimited downstream victims.

XSS N8n
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-56351 npm MEDIUM PATCH This Month

SQL injection in n8n's MySQL, PostgreSQL, and Microsoft SQL database integration nodes (all versions before 2.4.0) allows authenticated users with workflow creation permissions to execute arbitrary SQL commands against connected databases by supplying crafted identifier values - table or column names - in node configuration parameters. The nodes failed to escape SQL identifiers when constructing queries, bypassing the safety guarantees users expected from parameterized inputs and enabling injection that directly impacts downstream database confidentiality and integrity. Reported by the NATO Cyber Security Centre; vendor-released patch is confirmed in n8n 2.4.0, with no public exploit code or CISA KEV listing identified at time of analysis.

PostgreSQL SQLi Microsoft N8n
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56357 npm MEDIUM PATCH This Month

Webhook forgery in n8n's GitHub Webhook Trigger node allows unauthenticated remote attackers to spoof GitHub events and trigger arbitrary workflow execution by sending unsigned POST requests to any known webhook URL. The root cause is a complete absence of HMAC-SHA256 signature verification - the cryptographic control GitHub provides specifically to authenticate webhook deliveries - meaning n8n accepted all inbound POST traffic without validation. Affected versions span the v1 branch (below 1.123.15) and v2 branch (2.0.0 through 2.5.0); no public exploit code or CISA KEV listing exists at time of analysis, but the attack is trivially executable by any party possessing the webhook URL.

Authentication Bypass N8n
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-56348 npm MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in n8n's dynamic node parameters endpoint allows authenticated users with credential access to bypass the platform's Allowed HTTP Request Domains restriction, causing the n8n server to issue outbound HTTP requests carrying stored credentials to attacker-controlled or unauthorized hosts. All n8n deployments prior to version 2.20.0 are affected regardless of domain restriction configuration, as the restriction is not enforced on the POST /rest/dynamic-node-parameters/options endpoint. No public exploit code or CISA KEV listing has been identified at time of analysis, but the attack is low-complexity once authentication is obtained.

SSRF N8n
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-33749 npm MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability in n8n workflow automation platform allows authenticated users to craft malicious workflows that execute arbitrary JavaScript in the browsers of higher-privileged users. Affected versions are n8n prior to 1.123.27, 2.13.3, and 2.14.1 (identified via CPE cpe:2.3:a:n8n-io:n8n). An attacker with workflow creation/modification permissions can exploit the `/rest/binary-data` endpoint's failure to properly sanitize HTML responses, enabling credential theft, workflow manipulation, and privilege escalation to administrative access with full same-origin context.

XSS Privilege Escalation N8n
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33724 npm MEDIUM POC PATCH This Month

n8n versions prior to 2.5.0 contain a critical SSH host key verification bypass in the Source Control feature that allows network-positioned attackers to perform man-in-the-middle attacks against Git operations. Affected users who have explicitly enabled and configured SSH-based source control can have their workflows injected with malicious content or have repository data intercepted without authentication. While the feature is non-default and requires explicit configuration, the vulnerability enables complete compromise of workflow integrity and potential lateral movement within automation pipelines.

Authentication Bypass N8n
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33720 npm MEDIUM POC PATCH This Month

This vulnerability in n8n (an open-source workflow automation platform) is an authentication bypass in the OAuth callback handler that occurs when the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable is explicitly set to true. An attacker can manipulate the OAuth state parameter verification to trick a victim into completing an OAuth flow that stores the victim's OAuth tokens in an attacker-controlled credential object, allowing the attacker to execute workflows using the victim's delegated permissions. The vulnerability affects n8n versions prior to 2.8.0 and requires non-default configuration to be exploitable, limiting its widespread impact but creating significant risk for affected deployments.

Authentication Bypass N8n
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33665 npm HIGH POC PATCH This Week

Authenticated n8n users can hijack administrator accounts when LDAP authentication is enabled by manipulating their LDAP email attribute to match a target account's email address, gaining full access that persists even after reverting the email change. This authentication bypass (CWE-287) affects n8n versions prior to 2.4.0 and 1.121.0 where LDAP is configured, and public exploit code exists. The vulnerability requires LDAP to be actively enabled and the attacker to control their own LDAP email attribute, creating a critical account takeover risk for administrators.

Authentication Bypass N8n
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-33660 npm CRITICAL POC PATCH GHSA Act Now

An authenticated user with workflow creation or modification privileges in n8n workflow automation platform can exploit the Merge node's 'Combine by SQL' mode to read arbitrary local files on the n8n host and achieve remote code execution. n8n versions prior to 2.14.1, 2.13.3, and 1.123.26 are affected. The vulnerability carries a CVSS 4.0 score of 9.4 (Critical) due to insufficient sandbox restrictions in the AlaSQL component, allowing SQL injection-style attacks against the host system. No public proof-of-concept or active exploitation (KEV) status has been reported at this time.

RCE Code Injection N8n
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.1%
CVE-2026-27578 npm MEDIUM PATCH This Month

n8n is an open source workflow automation platform. [CVSS 5.4 MEDIUM]

XSS N8n
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27577 npm CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-27498 npm HIGH PATCH This Week

Remote code execution in n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to execute arbitrary shell commands by chaining file write operations with git functions to manipulate configuration files. Versions prior to 2.2.0 and 1.123.8 are affected, and administrators should upgrade immediately or restrict workflow editing permissions to trusted users only.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-27497 npm HIGH PATCH This Week

Authenticated users with workflow modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server. This high-severity vulnerability (CVSS 8.8) affects the AI/ML and workflow automation platform, allowing attackers with legitimate access to achieve complete system compromise. No patch is currently available, and administrators should restrict workflow permissions or disable the Merge node as temporary mitigations.

RCE SQLi AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27495 npm CRITICAL PATCH Act Now

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Code Injection RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27494 npm CRITICAL PATCH Act Now

Python sandbox escape in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Users who can modify workflows can escape the Python Code node sandbox for full host compromise on instances using internal Task Runners.

Python AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27493 npm CRITICAL PATCH Act Now

Second-order expression injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Crafted workflow data triggers expression evaluation leading to code execution. Patch available.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.0
EPSS
0.2%
CVE-2026-25631 npm MEDIUM PATCH This Month

Improper credential domain validation in n8n's HTTP Request node prior to version 1.121.0 enables authenticated attackers to redirect requests containing credentials to unintended domains, risking credential theft for users with wildcard domain patterns in their allowed domains configuration. The vulnerability requires valid authentication and has a low exploitation probability, with no public exploit currently available.

Code Injection N8n
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21893 npm HIGH PATCH This Week

n8n versions 0.187.0 through 1.120.2 contain a command injection vulnerability in the community package installation feature that allows authenticated administrators to execute arbitrary system commands on the host. The vulnerability requires high privilege access and specific conditions to exploit but carries high risk due to potential complete system compromise. A patch is available in version 1.120.3.

Command Injection N8n
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-25115 npm CRITICAL PATCH Act Now

n8n has a protection mechanism bypass (CVSS 9.9) in the Python sandbox allowing authenticated users to escape code execution restrictions.

Python N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-25056 npm HIGH PATCH This Week

N8N versions up to 1.118.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-25055 npm HIGH PATCH This Week

n8n is an open source workflow automation platform. [CVSS 8.1 HIGH]

SSH RCE AI / ML N8n
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25054 npm MEDIUM PATCH This Month

Stored cross-site scripting in n8n's markdown rendering component allows authenticated users to inject malicious scripts into workflows and sticky notes that execute with session privileges when viewed by other users. An attacker with workflow modification permissions can exploit this to hijack sessions and compromise accounts of users who interact with affected workflows. Versions 1.123.9 and 2.2.1 contain fixes for this vulnerability.

XSS AI / ML N8n
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25053 npm CRITICAL PATCH Act Now

n8n has a command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands through workflow definitions.

RCE Command Injection Information Disclosure Node.js AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25052 npm CRITICAL PATCH Act Now

n8n has a TOCTOU race condition vulnerability (CVSS 9.9) enabling bypass of execution restrictions in workflow processing.

Information Disclosure AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-25051 npm MEDIUM PATCH This Month

Improper Content Security Policy enforcement in n8n workflow automation allows authenticated users to inject persistent XSS payloads into webhook responses that execute with same-origin privileges when other users access the affected workflows. An attacker with workflow creation/modification permissions could exploit this to hijack sessions and compromise user accounts. The vulnerability affects n8n versions prior to 1.123.2.

XSS AI / ML N8n
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25049 npm CRITICAL POC PATCH Act Now

n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.

RCE Command Injection Code Injection Node.js AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-61917 npm HIGH PATCH This Week

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. [CVSS 7.7 HIGH]

Node.js Information Disclosure N8n
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-1470 npm CRITICAL POC PATCH Act Now

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through crafted workflow expressions.

RCE AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-0863 HIGH POC PATCH This Week

Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox restrictions and execute arbitrary code on the underlying operating system, with full instance takeover possible in Internal execution mode. Public exploit code exists for this vulnerability, which affects n8n deployments running under Internal execution mode where the Python executor has direct OS access. External execution mode deployments using Docker sidecars have reduced impact as code execution is confined to the container rather than the main node.

Python Docker AI / ML N8n
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-68949 npm MEDIUM PATCH This Month

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. [CVSS 5.3 MEDIUM]

Code Injection N8n
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21894 npm MEDIUM PATCH This Month

n8n versions 0.150.0 through 2.2.1 lack webhook signature verification in the Stripe Trigger node, enabling unauthenticated attackers to forge Stripe events and trigger workflows by sending crafted POST requests to known webhook URLs. Affected users with active Stripe Trigger workflows could experience unauthorized execution of automation logic, potentially allowing attackers to simulate fraudulent payment or subscription events. A patch is available in version 2.2.2 and later.

Authentication Bypass N8n
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21877 npm CRITICAL POC PATCH THREAT Act Now

n8n workflow automation (through 1.121.2) allows authenticated users to execute arbitrary code via the n8n service, with scope change enabling full compromise of both self-hosted and cloud instances. EPSS 12.5% indicates high exploitation activity. Patch available.

RCE Code Injection Node.js N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
12.5%
CVE-2026-21858 npm CRITICAL POC PATCH Act Now

n8n workflow automation (1.65.0 to 1.121.0) allows unauthenticated file access through form-based workflows. A critical CVSS 10.0 vulnerability enabling remote attackers to read sensitive files from the server, with potential for further compromise. PoC available.

Information Disclosure Path Traversal LFI Node.js N8n
NVD GitHub
CVSS 3.1
10.0
EPSS
7.1%
CVE-2025-58177 npm MEDIUM PATCH This Month

n8n is an open source workflow automation platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Information Disclosure XSS N8n Langchain AI / ML
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-56265 npm HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-57749 npm MEDIUM PATCH This Month

n8n is a workflow automation platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure N8n
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-52478 npm HIGH PATCH This Month

n8n is a workflow automation platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS N8n
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-52554 npm MEDIUM PATCH This Month

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.

Authentication Bypass N8n
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49595 npm MEDIUM PATCH This Month

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, effecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.

Denial Of Service N8n
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-49592 npm MEDIUM PATCH This Month

n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login.

Open Redirect N8n
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-46343 npm MEDIUM PATCH This Month

n8n is a workflow automation platform. Rated medium severity (CVSS 5.0). This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS N8n
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2023-27564 npm HIGH POC PATCH This Week

The n8n package 0.218.0 for Node.js allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure N8n
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-27563 npm HIGH POC PATCH This Week

The n8n package 0.218.0 for Node.js allows Escalation of Privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Node.js N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-27562 npm MEDIUM POC PATCH This Month

The n8n package 0.218.0 for Node.js allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal N8n
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVSS 6.0
MEDIUM PATCH This Month

Permission bypass in n8n's external secrets handling allows authenticated low-privilege users to exfiltrate secrets they are not authorized to access by exploiting a mismatch between the platform's static validation layer and its runtime expression engine. Affected are all n8n instances running versions before 1.123.61 (1.x branch), 2.27.4, or 2.28.1 (2.x branch) that have both an external secrets provider and Advanced Permissions configured. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but the confidentiality impact is high for affected deployments given that secrets such as API keys and credentials may be fully exposed.

Authentication Bypass N8n
NVD GitHub
CVSS 6.3
MEDIUM PATCH This Month

Unauthorized external secret disclosure in n8n before 2.28.1 allows authenticated project editors to read plaintext secret values from external secret managers by embedding references in workflow node expressions. The flaw bypasses the intended access control model: users with project editor roles - who are not granted explicit secrets access permissions - can nonetheless resolve and exfiltrate secrets via expression syntax. No public exploit or active exploitation has been identified, but the CVSS 4.0 vector assigns SC:H (high confidentiality impact on subsequent systems), reflecting that secrets stored in downstream vaults or secret managers are fully exposed to insufficiently privileged users.

Authentication Bypass Information Disclosure N8n
NVD GitHub
CVSS 6.3
MEDIUM PATCH This Month

Authentication bypass in the n8n Chat Trigger node allows unauthenticated network access to protected webhook endpoints when the node is explicitly configured with n8n User Auth - a non-default operator setting. Affected releases span all 1.x builds before 1.123.22, the entire 2.0.0-2.9.2 range, and 2.10.0. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the CVSS 4.0 score of 6.3 with AT:P correctly reflects that real-world exposure is bounded by the non-default configuration prerequisite.

Authentication Bypass N8n
NVD GitHub
CVSS 5.3
MEDIUM PATCH This Month

File path restriction bypass in n8n before 2.19.3 allows authenticated users with workflow creation or modification rights to circumvent the N8N_RESTRICT_FILE_ACCESS_TO security boundary via a legacy REST API code path, enabling arbitrary file existence disclosure on the host filesystem. Where a targeted path contains valid workflow JSON, that file can additionally be loaded and executed by the n8n engine, potentially triggering downstream actions on all systems connected to that workflow. No public exploit or active exploitation has been identified at time of analysis, but the low complexity and broad impact on connected downstream systems make this a meaningful risk in multi-tenant or partially-trusted deployments.

Path Traversal N8n
NVD GitHub VulDB
CVSS 6.3
MEDIUM PATCH This Month

Input validation bypass in n8n's Guardrail node (versions before 2.10.0) allows end users interacting with affected workflows to circumvent AI safety guardrail instructions through crafted inputs, undermining workflow integrity. Any n8n deployment running a workflow that incorporates the Guardrail node is exposed; instances not using that node are entirely unaffected regardless of version. No public exploit code has been identified and this CVE does not appear in CISA KEV; a vendor-confirmed patch is available in n8n 2.10.0.

Authentication Bypass N8n
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Disk space exhaustion in n8n's data-table file upload endpoint allows an authenticated user to progressively fill the host's disk by repeatedly uploading files whose cumulative size is never checked against what already exists in the shared temporary directory. Affected versions span all n8n releases before 2.28.0 on the 2.x branch and before 1.123.58 on the 1.x branch. The flaw is rooted in a stateless per-request quota that ignores previously written files, enabling a low-privileged user to loop uploads between periodic cleanup cycles until disk space is exhausted, potentially disrupting the host and all co-resident services. No public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service File Upload N8n
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stored cross-site scripting and open redirect vulnerabilities in n8n's Form Node allow authenticated users with workflow creation permissions to inject malicious scripts or phishing redirects that execute in the browsers of end users who interact with published forms. Affected across both the 1.x branch (before 1.123.24) and the 2.x branch (before 2.10.4 and 2.12.0). The attack surface is the Form Node's HTML description fields, which accept unsanitized markup, combined with an overly permissive iframe sandbox policy - creating a persistent attack vector embedded within legitimate workflows. No public exploit code or CISA KEV listing has been identified at time of analysis.

XSS Open Redirect N8n
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Credential disclosure in n8n workflow automation (versions prior to 1.123.61, 2.27.4, and 2.28.1) allows an authenticated member holding use-only editor access to a shared workflow to read credential-populated HTTP headers via the $request object inside an HTTP Request node's pagination expression, then exfiltrate the secret through returned item data. This defeats n8n's credential-hiding model, which is supposed to prevent low-privilege collaborators from seeing the underlying secret values. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the EPSS/POC signals were not provided.

Information Disclosure N8n
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Privilege escalation via prototype pollution in n8n workflow automation lets an authenticated low-privilege user (holding the default workflow:create permission) corrupt Object.prototype through a crafted workflow saved, updated, or imported via the workflow API. Once polluted, subsequent unauthenticated requests are evaluated as a privileged user, exposing internal user and project listing endpoints. This is an information-disclosure and access-control flaw with no public exploit identified at time of analysis; CVSS 4.0 base score is 7.1.

Information Disclosure Prototype Pollution N8n
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Authentication bypass in n8n's external identity resolution lets an attacker impersonate other users when the instance trusts more than one token-exchange issuer. Affecting n8n before 2.27.4 and version 2.28.0, the flaw stems from resolving federated identities using only the JWT sub claim while ignoring the iss claim, so a valid token from one trusted issuer whose sub matches a victim registered under a different issuer grants full access to that victim's account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the authentication-level impact (VC:H/VI:H) makes it a meaningful account-takeover risk for multi-issuer SSO deployments.

Authentication Bypass Microsoft N8n
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Credential secret exfiltration in n8n (self-hosted workflow automation) prior to 2.27.4 and 2.28.1 lets a low-privilege member with use-only access to a shared credential leak that secret to an attacker-controlled server. The AI Agents feature fails to enforce the 'Allowed HTTP Request Domains' restriction when an MCP tool is aimed at an arbitrary URL, so the guardrail meant to keep secrets in-bounds is bypassed. No public exploit identified at time of analysis; risk is elevated because the abuse comes from an already-authorized internal user rather than an outside attacker.

Information Disclosure N8n
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

SQL injection in n8n's legacy MySQL v1 node (executeQuery operation) exposes the connected MySQL database to arbitrary query execution when workflow expressions interpolate attacker-controlled input without parameterization. Versions before 1.123.61 (1.x branch), 2.27.4 (2.x branch), and 2.28.1 (2.28.x branch) are affected when workflows combine the MySQL v1 node with externally-reachable triggers such as a Webhook node. No public exploit or CISA KEV listing is identified at time of analysis; however, deployments exposing such workflows to untrusted networks face high-severity database confidentiality and integrity risk.

SQLi N8n
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper authorization in n8n before 2.28.0 enables authenticated users to assign workflows to folders belonging to foreign projects by supplying crafted payloads during workflow creation. The flaw (CWE-639) bypasses project and folder ownership checks entirely, allowing logical integrity violations across organizational boundaries in multi-project deployments. No active exploitation is confirmed (not in CISA KEV) and no public proof-of-concept code has been identified at time of analysis, though the vendor has released a fix in version 2.28.0.

Authentication Bypass N8n
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Authorization bypass in n8n's Public API execution retry endpoint allows authenticated read-only users to trigger workflow executions they should not be permitted to run. The endpoint incorrectly authorizes requests against the workflow:read scope rather than the required workflow:execute scope, collapsing the intended permission boundary between read and execute access. This affects n8n instances before 2.25.7 and 2.26.x before 2.26.2 where workflows are shared across users or projects; no public exploit has been identified at time of analysis, and a vendor patch is available.

Authentication Bypass N8n
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

{workflowId}/test-runs/new endpoint incorrectly validates the workflow:read scope instead of the required workflow:execute scope, enabling any project-level viewer to invoke the internal workflow runner without execute privileges. This results in unintended outbound API calls and data mutations to downstream connected systems - a meaningful integrity risk in multi-tenant RBAC deployments. No public exploit or CISA KEV listing exists at time of analysis.

Authentication Bypass N8n
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Incorrect authorization in n8n's evaluation test-run API endpoints allows authenticated project viewers to perform state-changing operations reserved for users with execute permissions. On Enterprise and Cloud deployments running Advanced Permissions with projects and viewer roles configured, an authenticated project:viewer can start new evaluation test runs, cancel in-flight runs, and delete run records for workflows they have only read access to - bypassing the intended workflow:execute scope gate. No public exploit code or CISA KEV listing exists at time of analysis, but the CVSS 4.0 score of 5.3 (PR:L) reflects the authenticated, low-complexity nature of the flaw.

Authentication Bypass N8n
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Webhook signature bypass in n8n's ZendeskTrigger node allows network-adjacent attackers who possess the webhook URL to inject arbitrary data into n8n workflows by sending unsigned POST requests. The ZendeskTrigger node omits the mandatory HMAC-SHA256 verification step that Zendesk's webhook security model requires, treating any inbound POST as a legitimate Zendesk event. This affects n8n v1.x before 1.123.18 and v2.x before 2.6.2; no public exploit or CISA KEV designation has been identified at time of analysis.

Authentication Bypass N8n
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Stored cross-site scripting in n8n before 2.8.0 allows authenticated low-privilege users to inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields within the credential management flow. When a victim - potentially a higher-privileged user - clicks the OAuth authorization button on the crafted credential, arbitrary scripts execute in their browser session carrying the victim's privileges. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the stored nature of the payload means a single malicious credential can be surfaced to multiple targets in collaborative n8n environments.

XSS N8n
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Arbitrary command execution in the n8n workflow automation platform lets authenticated users abuse the built-in Execute Command node to run OS commands directly on the host running n8n. Any user with workflow-editing access or stolen credentials can leverage this by-design node to exfiltrate data, disrupt the service, or fully compromise the underlying host, and CWE-284 (Improper Access Control) reflects that command execution is not restricted to trusted operators. Reported by VulnCheck; no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Authentication Bypass N8n
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Python Code node in n8n allows authenticated workflow editors to bypass the AST security validator by crafting Python code that evades an incomplete blocklist (CWE-184), reaching the task executor module namespace. Affected self-hosted n8n deployments running versions before 2.25.7 or 2.26.x before 2.26.2 with the Python Task Runner enabled are exposed to environment variable disclosure when N8N_BLOCK_RUNNER_ENV_ACCESS is not set to restrict access, potentially leaking API keys, database credentials, or other secrets injected at process startup. No public exploit code exists and no active exploitation has been confirmed at time of analysis.

Python Information Disclosure N8n
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stored XSS in n8n's Chat Trigger node allows authenticated workflow editors to inject JavaScript through a misconfigured sanitize-html filter in the Custom CSS field, which then executes in the browsers of every user visiting the public chat page. Affected are all 1.x releases before 1.123.27, the 2.0.0-2.13.2 range, and 2.14.0; fixed versions are 1.123.27, 2.13.3, and 2.14.1. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS 4.0 score of 5.1 reflects the authenticated prerequisite and bounded per-user impact.

XSS N8n
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

SSO enforcement bypass in n8n before 2.8.0 allows any authenticated SSO user to disable organization-wide SSO enforcement via the API, then register a local password credential, permanently decoupling their account from the identity provider. This defeats identity-provider-enforced MFA and enables persistent access that survives SSO policy changes or user deprovisioning in the IdP. No public exploit code has been identified at time of analysis, but the technique requires only a valid SSO session and knowledge of the relevant API endpoint.

Authentication Bypass N8n
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stored XSS in n8n's Form Trigger node allows any authenticated low-privilege user with workflow creation rights to inject persistent malicious scripts that execute for every visitor of a published form. Affects n8n 1.x before 1.123.25 and 2.x from 2.0.0-rc.0 before 2.11.2. No public exploit or active exploitation identified at time of analysis; the CVSS 4.0 score of 5.1 reflects partial CSP mitigation blocking session cookie theft while still permitting form hijacking and phishing against unlimited downstream victims.

XSS N8n
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

SQL injection in n8n's MySQL, PostgreSQL, and Microsoft SQL database integration nodes (all versions before 2.4.0) allows authenticated users with workflow creation permissions to execute arbitrary SQL commands against connected databases by supplying crafted identifier values - table or column names - in node configuration parameters. The nodes failed to escape SQL identifiers when constructing queries, bypassing the safety guarantees users expected from parameterized inputs and enabling injection that directly impacts downstream database confidentiality and integrity. Reported by the NATO Cyber Security Centre; vendor-released patch is confirmed in n8n 2.4.0, with no public exploit code or CISA KEV listing identified at time of analysis.

PostgreSQL SQLi Microsoft +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Webhook forgery in n8n's GitHub Webhook Trigger node allows unauthenticated remote attackers to spoof GitHub events and trigger arbitrary workflow execution by sending unsigned POST requests to any known webhook URL. The root cause is a complete absence of HMAC-SHA256 signature verification - the cryptographic control GitHub provides specifically to authenticate webhook deliveries - meaning n8n accepted all inbound POST traffic without validation. Affected versions span the v1 branch (below 1.123.15) and v2 branch (2.0.0 through 2.5.0); no public exploit code or CISA KEV listing exists at time of analysis, but the attack is trivially executable by any party possessing the webhook URL.

Authentication Bypass N8n
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in n8n's dynamic node parameters endpoint allows authenticated users with credential access to bypass the platform's Allowed HTTP Request Domains restriction, causing the n8n server to issue outbound HTTP requests carrying stored credentials to attacker-controlled or unauthorized hosts. All n8n deployments prior to version 2.20.0 are affected regardless of domain restriction configuration, as the restriction is not enforced on the POST /rest/dynamic-node-parameters/options endpoint. No public exploit code or CISA KEV listing has been identified at time of analysis, but the attack is low-complexity once authentication is obtained.

SSRF N8n
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability in n8n workflow automation platform allows authenticated users to craft malicious workflows that execute arbitrary JavaScript in the browsers of higher-privileged users. Affected versions are n8n prior to 1.123.27, 2.13.3, and 2.14.1 (identified via CPE cpe:2.3:a:n8n-io:n8n). An attacker with workflow creation/modification permissions can exploit the `/rest/binary-data` endpoint's failure to properly sanitize HTML responses, enabling credential theft, workflow manipulation, and privilege escalation to administrative access with full same-origin context.

XSS Privilege Escalation N8n
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

n8n versions prior to 2.5.0 contain a critical SSH host key verification bypass in the Source Control feature that allows network-positioned attackers to perform man-in-the-middle attacks against Git operations. Affected users who have explicitly enabled and configured SSH-based source control can have their workflows injected with malicious content or have repository data intercepted without authentication. While the feature is non-default and requires explicit configuration, the vulnerability enables complete compromise of workflow integrity and potential lateral movement within automation pipelines.

Authentication Bypass N8n
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

This vulnerability in n8n (an open-source workflow automation platform) is an authentication bypass in the OAuth callback handler that occurs when the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable is explicitly set to true. An attacker can manipulate the OAuth state parameter verification to trick a victim into completing an OAuth flow that stores the victim's OAuth tokens in an attacker-controlled credential object, allowing the attacker to execute workflows using the victim's delegated permissions. The vulnerability affects n8n versions prior to 2.8.0 and requires non-default configuration to be exploitable, limiting its widespread impact but creating significant risk for affected deployments.

Authentication Bypass N8n
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Authenticated n8n users can hijack administrator accounts when LDAP authentication is enabled by manipulating their LDAP email attribute to match a target account's email address, gaining full access that persists even after reverting the email change. This authentication bypass (CWE-287) affects n8n versions prior to 2.4.0 and 1.121.0 where LDAP is configured, and public exploit code exists. The vulnerability requires LDAP to be actively enabled and the attacker to control their own LDAP email attribute, creating a critical account takeover risk for administrators.

Authentication Bypass N8n
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL POC PATCH Act Now

An authenticated user with workflow creation or modification privileges in n8n workflow automation platform can exploit the Merge node's 'Combine by SQL' mode to read arbitrary local files on the n8n host and achieve remote code execution. n8n versions prior to 2.14.1, 2.13.3, and 1.123.26 are affected. The vulnerability carries a CVSS 4.0 score of 9.4 (Critical) due to insufficient sandbox restrictions in the AlaSQL component, allowing SQL injection-style attacks against the host system. No public proof-of-concept or active exploitation (KEV) status has been reported at this time.

RCE Code Injection N8n
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

n8n is an open source workflow automation platform. [CVSS 5.4 MEDIUM]

XSS N8n
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path through the expression engine. Patch available.

RCE Code Injection Command Injection +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to execute arbitrary shell commands by chaining file write operations with git functions to manipulate configuration files. Versions prior to 2.2.0 and 1.123.8 are affected, and administrators should upgrade immediately or restrict workflow editing permissions to trusted users only.

RCE AI / ML N8n
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated users with workflow modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server. This high-severity vulnerability (CVSS 8.8) affects the AI/ML and workflow automation platform, allowing attackers with legitimate access to achieve complete system compromise. No patch is currently available, and administrators should restrict workflow permissions or disable the Merge node as temporary mitigations.

RCE SQLi AI / ML +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Code injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22 allows authenticated users to execute arbitrary code by creating or editing workflows with malicious expressions. Third n8n RCE CVE in this release.

Code Injection RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Python sandbox escape in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Users who can modify workflows can escape the Python Code node sandbox for full host compromise on instances using internal Task Runners.

Python AI / ML N8n
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Second-order expression injection in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Crafted workflow data triggers expression evaluation leading to code execution. Patch available.

RCE AI / ML N8n
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Improper credential domain validation in n8n's HTTP Request node prior to version 1.121.0 enables authenticated attackers to redirect requests containing credentials to unintended domains, risking credential theft for users with wildcard domain patterns in their allowed domains configuration. The vulnerability requires valid authentication and has a low exploitation probability, with no public exploit currently available.

Code Injection N8n
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

n8n versions 0.187.0 through 1.120.2 contain a command injection vulnerability in the community package installation feature that allows authenticated administrators to execute arbitrary system commands on the host. The vulnerability requires high privilege access and specific conditions to exploit but carries high risk due to potential complete system compromise. A patch is available in version 1.120.3.

Command Injection N8n
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

n8n has a protection mechanism bypass (CVSS 9.9) in the Python sandbox allowing authenticated users to escape code execution restrictions.

Python N8n
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

N8N versions up to 1.118.0 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

RCE AI / ML N8n
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

n8n is an open source workflow automation platform. [CVSS 8.1 HIGH]

SSH RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting in n8n's markdown rendering component allows authenticated users to inject malicious scripts into workflows and sticky notes that execute with session privileges when viewed by other users. An attacker with workflow modification permissions can exploit this to hijack sessions and compromise accounts of users who interact with affected workflows. Versions 1.123.9 and 2.2.1 contain fixes for this vulnerability.

XSS AI / ML N8n
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

n8n has a command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands through workflow definitions.

RCE Command Injection Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

n8n has a TOCTOU race condition vulnerability (CVSS 9.9) enabling bypass of execution restrictions in workflow processing.

Information Disclosure AI / ML N8n
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Improper Content Security Policy enforcement in n8n workflow automation allows authenticated users to inject persistent XSS payloads into webhook responses that execute with same-origin privileges when other users access the affected workflows. An attacker with workflow creation/modification permissions could exploit this to hijack sessions and compromise user accounts. The vulnerability affects n8n versions prior to 1.123.2.

XSS AI / ML N8n
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.

RCE Command Injection Code Injection +3
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. [CVSS 7.7 HIGH]

Node.js Information Disclosure N8n
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through crafted workflow expressions.

RCE AI / ML N8n
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox restrictions and execute arbitrary code on the underlying operating system, with full instance takeover possible in Internal execution mode. Public exploit code exists for this vulnerability, which affects n8n deployments running under Internal execution mode where the Python executor has direct OS access. External execution mode deployments using Docker sidecars have reduced impact as code execution is confined to the container rather than the main node.

Python Docker AI / ML +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. [CVSS 5.3 MEDIUM]

Code Injection N8n
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

n8n versions 0.150.0 through 2.2.1 lack webhook signature verification in the Stripe Trigger node, enabling unauthenticated attackers to forge Stripe events and trigger workflows by sending crafted POST requests to known webhook URLs. Affected users with active Stripe Trigger workflows could experience unauthorized execution of automation logic, potentially allowing attackers to simulate fraudulent payment or subscription events. A patch is available in version 2.2.2 and later.

Authentication Bypass N8n
NVD GitHub
EPSS 12% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

n8n workflow automation (through 1.121.2) allows authenticated users to execute arbitrary code via the n8n service, with scope change enabling full compromise of both self-hosted and cloud instances. EPSS 12.5% indicates high exploitation activity. Patch available.

RCE Code Injection Node.js +1
NVD GitHub
EPSS 7% CVSS 10.0
CRITICAL POC PATCH Act Now

n8n workflow automation (1.65.0 to 1.121.0) allows unauthenticated file access through form-based workflows. A critical CVSS 10.0 vulnerability enabling remote attackers to read sensitive files from the server, with potential for further compromise. PoC available.

Information Disclosure Path Traversal LFI +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

n8n is an open source workflow automation platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Information Disclosure XSS N8n +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload N8n
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

n8n is a workflow automation platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure N8n
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Month

n8n is a workflow automation platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS N8n
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.

Authentication Bypass N8n
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, effecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.

Denial Of Service N8n
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login.

Open Redirect N8n
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

n8n is a workflow automation platform. Rated medium severity (CVSS 5.0). This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS N8n
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The n8n package 0.218.0 for Node.js allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure N8n
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

The n8n package 0.218.0 for Node.js allows Escalation of Privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Node.js N8n
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

The n8n package 0.218.0 for Node.js allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal N8n
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy