npm package

n8n

pkg:npm/n8n

Vulnerabilities (67)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-33663	Med	6.5	< 1.123.27	1.123.27	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials
CVE-2026-33722		—	< 1.123.23	1.123.23	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. T
CVE-2026-33720		—	< 2.8.0	2.8.0	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a v
CVE-2026-33713		—	< 1.123.26	1.123.26	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements
CVE-2026-33696		—	>= 2.14.0, < 2.14.1	2.14.1	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted p
CVE-2026-33665		—	>= 2.0.0-rc.0, < 2.4.0	2.4.0	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDA
CVE-2026-33660		—	>= 2.14.0, < 2.14.1	2.14.1	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code exe
CVE-2026-27496		—	< 1.123.22	1.123.22	Mar 25, 2026	n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain
CVE-2026-27498		—	< 1.123.8	1.123.8	Feb 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specifi
CVE-2026-27578		—	< 1.123.22	1.123.22	Feb 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various n
CVE-2026-27577		—	< 1.123.22	1.123.22	Feb 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflow
CVE-2026-27497		—	< 1.123.22	1.123.22	Feb 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n ser
CVE-2026-27495		—	< 1.123.22	1.123.22	Feb 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox
CVE-2026-27494		—	< 1.123.22	1.123.22	Feb 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain
CVE-2026-27493		—	< 1.123.22	1.123.22	Feb 25, 2026	n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submit
CVE-2026-25631		—	< 1.121.0	1.121.0	Feb 6, 2026	n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfi
CVE-2026-21893		—	>= 0.187.0, < 1.120.3	1.120.3	Feb 4, 2026	n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arb
CVE-2026-25115		—	< 2.4.8	2.4.8	Feb 4, 2026	n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in ve
CVE-2026-25056		—	< 1.118.0	1.118.0	Feb 4, 2026	n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentiall
CVE-2026-25055		—	>= 2.0.0, < 2.4.0	2.4.0	Feb 4, 2026	n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended l

CVE-2026-33663MedMar 25, 2026
affected < 1.123.27fixed 1.123.27
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials
CVE-2026-33722Mar 25, 2026
affected < 1.123.23fixed 1.123.23
n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. T
CVE-2026-33720Mar 25, 2026
affected < 2.8.0fixed 2.8.0
n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a v
CVE-2026-33713Mar 25, 2026
affected < 1.123.26fixed 1.123.26
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements
CVE-2026-33696Mar 25, 2026
affected >= 2.14.0, < 2.14.1fixed 2.14.1
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted p
CVE-2026-33665Mar 25, 2026
affected >= 2.0.0-rc.0, < 2.4.0fixed 2.4.0
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDA
CVE-2026-33660Mar 25, 2026
affected >= 2.14.0, < 2.14.1fixed 2.14.1
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code exe
CVE-2026-27496Mar 25, 2026
affected < 1.123.22fixed 1.123.22
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain
CVE-2026-27498Feb 25, 2026
affected < 1.123.8fixed 1.123.8
n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specifi
CVE-2026-27578Feb 25, 2026
affected < 1.123.22fixed 1.123.22
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various n
CVE-2026-27577Feb 25, 2026
affected < 1.123.22fixed 1.123.22
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflow
CVE-2026-27497Feb 25, 2026
affected < 1.123.22fixed 1.123.22
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n ser
CVE-2026-27495Feb 25, 2026
affected < 1.123.22fixed 1.123.22
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox
CVE-2026-27494Feb 25, 2026
affected < 1.123.22fixed 1.123.22
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain
CVE-2026-27493Feb 25, 2026
affected < 1.123.22fixed 1.123.22
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submit
CVE-2026-25631Feb 6, 2026
affected < 1.121.0fixed 1.121.0
n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfi
CVE-2026-21893Feb 4, 2026
affected >= 0.187.0, < 1.120.3fixed 1.120.3
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arb
CVE-2026-25115Feb 4, 2026
affected < 2.4.8fixed 2.4.8
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in ve
CVE-2026-25056Feb 4, 2026
affected < 1.118.0fixed 1.118.0
n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentiall
CVE-2026-25055Feb 4, 2026
affected >= 2.0.0, < 2.4.0fixed 2.4.0
n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended l

Page 2 of 4