VYPR

npm package

n8n

pkg:npm/n8n

Vulnerabilities (67)

  • CVE-2026-45732 | High | May 14, 2026
    affected: < 1.123.43 | fixed: 1.123.43

    ## Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token mater

  • CVE-2026-44792 | High | May 14, 2026
    affected: < 1.123.43 | fixed: 1.123.43

    ## Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could le

  • CVE-2026-44791 | Critical | May 14, 2026
    affected: < 1.123.43 | fixed: 1.123.43

    ## Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. ## Patches The issue has been fixed in n8n versions 1.123.43, 2.2

  • CVE-2026-44790 | Critical | May 14, 2026
    affected: < 1.123.43 | fixed: 1.123.43

    ## Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. ## Patches The issue has been fixed in n

  • CVE-2026-44789 | Critical | May 14, 2026
    affected: < 1.123.43 | fixed: 1.123.43

    ## Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. ## Patches The issue ha

  • CVE-2026-42237 | High | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names

  • CVE-2026-42236 | High | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exh

  • CVE-2026-42235 | Critical | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequen

  • CVE-2026-42234 | High | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner c

  • CVE-2026-42233 | Critical | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query witho

  • CVE-2026-42232 | High | May 4, 2026
    affected: >= 2.18.0, < 2.18.1 | fixed: 2.18.1

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiti

  • CVE-2026-42231 | High | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission

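Three entries above (CVE-2026-44789 on the HTTP Request node's pagination parameter, CVE-2026-42232 on the XML node, CVE-2026-42231 on xml2js in the webhook handler) are all global prototype pollution. The following added example, written for this page and not taken from n8n or xml2js, shows the generic shape of the bug: a "set value at path" helper that lets an attacker-chosen key reach `Object.prototype`, a hardened version, and a scanner that rejects parsed documents containing the dangerous keys. The helper names and the `'__proto__.injected'` path are constructed for illustration:

```javascript
// Added example (illustrative, not n8n code): a generic "set value at
// path" helper of the kind pagination or parsing code uses, first in a
// form that lets an attacker-chosen key reach Object.prototype, then
// hardened. Also a scanner for parsed documents (the output of an XML or
// JSON parser) that refuses the dangerous keys.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable: walks an arbitrary dotted path, creating intermediates.
// With path '__proto__.x', `target.__proto__` is Object.prototype, so the
// final assignment lands on every plain object in the process.
function setPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    if (cur[keys[i]] === undefined) cur[keys[i]] = {};
    cur = cur[keys[i]];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Hardened: reject the three keys that reach the prototype chain, only
// descend into own properties, and create intermediates with a null
// prototype so a later lookup cannot fall through to Object.prototype.
function setPathSafe(target, path, value) {
  const keys = path.split('.');
  for (const k of keys) {
    if (FORBIDDEN_KEYS.has(k)) throw new Error(`refusing key ${JSON.stringify(k)}`);
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== 'object' || cur[k] === null) cur[k] = Object.create(null);
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Deep scan of a parsed document for forbidden keys. JSON.parse (and
// parsers that build plain objects from element names) create an own
// property literally named "__proto__", which Object.keys does report.
function containsForbiddenKey(node) {
  if (node === null || typeof node !== 'object') return false;
  if (Array.isArray(node)) return node.some(containsForbiddenKey);
  for (const k of Object.keys(node)) {
    if (FORBIDDEN_KEYS.has(k) || containsForbiddenKey(node[k])) return true;
  }
  return false;
}

// Shows the pollution and undoes it so the process is left clean. The
// path string stands in for an attacker-controlled parameter (constructed).
function demonstratePollution() {
  const before = ({}).injected;
  try {
    setPathUnsafe({}, '__proto__.injected', 'polluted');
    return { before, after: ({}).injected };
  } finally {
    delete Object.prototype.injected;
  }
}
```

Rejecting the keys is the cheap fix; the structural fix is to never use untrusted strings as property names on ordinary objects at all (use a `Map`, or objects created with `Object.create(null)`), and to run the scanner on anything a parser hands back from a request body before it is merged into application state.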
  • CVE-2026-42230 | Medium | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAu

  • CVE-2026-42229 | High | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterizatio

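CVE-2026-42237 (Snowflake and legacy MySQL v1 nodes interpolating table names), CVE-2026-42233 (Oracle node interpolating the Limit field) and CVE-2026-42229 (SeaTable node concatenating search input) above are the same defect: parts of a query that cannot be bound as parameters being spliced in as raw text. The following added example, written for this page and not n8n's database nodes, shows the hardened form: identifiers validated against an allowlist and quoted, the limit accepted only as an integer literal, and values sent as bind parameters. The builder names and the Postgres-style `$n` placeholders are assumptions; the string-template version is shown only for contrast:

```javascript
// Added example (illustrative, not n8n's database nodes): identifiers and
// limits cannot be bound as parameters, so they must be validated and
// quoted; values go through bind parameters. Shown against a string-
// template version that interpolates everything, for contrast.

const IDENT_RE = /^[A-Za-z_][A-Za-z0-9_$]*$/;

// Quote one identifier segment. The allowlist already excludes the quote
// character; doubling it is a second line of defence.
function quoteIdentifier(name, dialect = 'ansi') {
  if (typeof name !== 'string' || name.length === 0 || name.length > 128 || !IDENT_RE.test(name)) {
    throw new Error(`invalid identifier: ${JSON.stringify(name)}`);
  }
  return dialect === 'mysql'
    ? '`' + name.replace(/`/g, '``') + '`'
    : '"' + name.replace(/"/g, '""') + '"';
}

// schema.table style names: each dotted segment is validated separately.
function quoteQualifiedName(name, dialect) {
  return String(name).split('.').map((seg) => quoteIdentifier(seg, dialect)).join('.');
}

// LIMIT accepts only a plain non-negative integer literal; an expression
// like "10 OR 1=1" or "10; DROP TABLE x" is rejected rather than inlined.
function parseLimit(value) {
  const s = String(value).trim();
  if (!/^\d{1,9}$/.test(s)) throw new Error(`invalid limit: ${JSON.stringify(value)}`);
  return Number(s);
}

// Interpolates user input straight into the query text (for contrast only).
function buildSelectUnsafe(table, limit) {
  return `SELECT * FROM ${table} LIMIT ${limit}`;
}

// Hardened builder: validated identifiers, integer limit, and $n
// placeholders for filter values (Postgres-style; adapt for other drivers).
function buildSelect({ table, limit, filters = {} }, dialect = 'ansi') {
  const values = [];
  const where = Object.entries(filters).map(([col, val]) => {
    values.push(val);
    return `${quoteIdentifier(col, dialect)} = $${values.length}`;
  });
  let text = `SELECT * FROM ${quoteQualifiedName(table, dialect)}`;
  if (where.length) text += ` WHERE ${where.join(' AND ')}`;
  if (limit !== undefined) text += ` LIMIT ${parseLimit(limit)}`;
  return { text, values };
}
```

Note that escaping is not the answer for identifiers: a quoted identifier can still name a table the caller should not reach, so the allowlist should be as narrow as the node's use case permits, and the database user the node runs as should be limited accordingly.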
  • CVE-2026-42228 | Medium | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An

  • CVE-2026-42227 | Medium | May 4, 2026
    affected: < 1.123.32 | fixed: 1.123.32

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter t

  • CVE-2026-42226 | High | May 4, 2026
    affected: >= 2.17.0, < 2.17.5 | fixed: 2.17.5

    n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared wo

  • CVE-2026-33751 | Mar 25, 2026
    affected: < 1.123.27 | fixed: 1.123.27

    n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflo

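The CVE-2026-33751 entry above concerns LDAP metacharacters passing through the LDAP node's filter escape logic. The following added example, written for this page rather than taken from n8n, is a complete RFC 4515 filter-value escaper beside a filter builder that uses it, with a plain-interpolation builder kept only to show how an unescaped value changes the filter's structure. The `buildUserFilter` name and the `objectClass=person` base filter are assumptions:

```javascript
// Added example (illustrative, not n8n's LDAP node): RFC 4515 escaping of
// values placed inside an LDAP search filter.

// Escape a single assertion value. Backslash is handled like any other
// metacharacter (it is matched per character, so order does not matter).
// Code points above 0x7f are emitted as escaped UTF-8 bytes, which is
// accepted by all servers even though the RFC permits them raw.
function escapeFilterValue(value) {
  let out = '';
  for (const ch of String(value)) {
    switch (ch) {
      case '\\': out += '\\5c'; break;
      case '*': out += '\\2a'; break;
      case '(': out += '\\28'; break;
      case ')': out += '\\29'; break;
      case '\u0000': out += '\\00'; break;
      default:
        if (ch.codePointAt(0) > 0x7f) {
          for (const b of Buffer.from(ch, 'utf8')) out += '\\' + b.toString(16).padStart(2, '0');
        } else {
          out += ch;
        }
    }
  }
  return out;
}

// Plain interpolation (for contrast only): a value such as "*)(uid=*"
// closes the uid assertion early and appends a second assertion.
function buildUserFilterUnsafe(uid) {
  return `(&(objectClass=person)(uid=${uid}))`;
}

// Hardened: the user-controlled value can only ever be a literal.
function buildUserFilter(uid) {
  return `(&(objectClass=person)(uid=${escapeFilterValue(uid)}))`;
}
```

Escaping applies to values inside filters only; a value placed into a distinguished name (for a bind or a base DN) needs the separate RFC 4514 DN escaping rules, and a wildcard search should be an explicit option of the node rather than something a caller can smuggle in through the value.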
  • CVE-2026-33749 | Mar 25, 2026
    affected: < 1.123.27 | fixed: 1.123.27

    n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endp

  • CVE-2026-33724 | Mar 25, 2026
    affected: < 2.5.0 | fixed: 2.5.0

    n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the

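To act on this listing a practitioner needs to know which entries apply to a given installed version. The following added example (written for this page, not part of VYPR or n8n) transcribes the affected ranges shown on this page into a table and checks a version string against them. One caveat the listing itself makes visible: it shows a single range per advisory, while the advisory texts name fixes on several branches (1.123.x, 2.17.x, 2.18.x), so a 2.x instance must also be checked against the fixed versions in the advisory text, not only the listed range. The `applicableAdvisories` name and the range parser are assumptions:

```javascript
// Added example (not part of the listing or of n8n): check an installed
// n8n version against the affected ranges shown on this page.

// Transcribed from the entries above, in page order. Only the range the
// listing displays is included; see the advisory text for other branches.
const ADVISORIES = [
  ['CVE-2026-45732', '< 1.123.43'],
  ['CVE-2026-44792', '< 1.123.43'],
  ['CVE-2026-44791', '< 1.123.43'],
  ['CVE-2026-44790', '< 1.123.43'],
  ['CVE-2026-44789', '< 1.123.43'],
  ['CVE-2026-42237', '< 1.123.32'],
  ['CVE-2026-42236', '< 1.123.32'],
  ['CVE-2026-42235', '< 1.123.32'],
  ['CVE-2026-42234', '< 1.123.32'],
  ['CVE-2026-42233', '< 1.123.32'],
  ['CVE-2026-42232', '>= 2.18.0, < 2.18.1'],
  ['CVE-2026-42231', '< 1.123.32'],
  ['CVE-2026-42230', '< 1.123.32'],
  ['CVE-2026-42229', '< 1.123.32'],
  ['CVE-2026-42228', '< 1.123.32'],
  ['CVE-2026-42227', '< 1.123.32'],
  ['CVE-2026-42226', '>= 2.17.0, < 2.17.5'],
  ['CVE-2026-33751', '< 1.123.27'],
  ['CVE-2026-33749', '< 1.123.27'],
  ['CVE-2026-33724', '< 2.5.0'],
];

// n8n releases are plain MAJOR.MINOR.PATCH; an optional leading 'v' and
// any suffix after the patch number are tolerated but ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version: ${JSON.stringify(v)}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Ranges use the page's notation: comma-separated '>= X' / '< Y' clauses,
// all of which must hold.
function satisfiesRange(version, range) {
  return range.split(',').every((clause) => {
    const m = /^\s*(>=|<)\s*(\d+\.\d+\.\d+)\s*$/.exec(clause);
    if (!m) throw new Error(`unrecognised range clause: ${JSON.stringify(clause)}`);
    const cmp = compareVersions(version, m[2]);
    return m[1] === '>=' ? cmp >= 0 : cmp < 0;
  });
}

// Returns the CVE ids whose listed range contains the given version.
function applicableAdvisories(version) {
  return ADVISORIES
    .filter(([, range]) => satisfiesRange(version, range))
    .map(([id]) => id);
}
```

Run it against the output of `n8n --version` (or the image tag) for each instance; an empty result means only that none of the ranges on this page match, and the remaining pages of the listing still have to be checked.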
Page 1 of 4