VYPR

N8n

by N8n Io

npm: n8n

Source repositories

CVEs (86)

  • CVE-2026-42233CriMay 4, 2026
    risk 0.64cvss 9.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query…

  • CVE-2026-42235CriMay 4, 2026
    risk 0.62cvss 9.6epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user…

  • CVE-2026-44791criMay 14, 2026
    risk 0.59cvss epss 0.01

    ## Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. ## Patches The issue has been fixed in n8n versions 1.123.43,…

  • CVE-2026-44790criMay 14, 2026
    risk 0.59cvss epss 0.01

    ## Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. ## Patches The issue has been fixed in…

  • CVE-2026-44789criMay 14, 2026
    risk 0.59cvss epss 0.01

    ## Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. ## Patches The issue…

  • CVE-2026-42237HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table…

  • CVE-2026-42234HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner…

  • CVE-2026-42232HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes…

  • CVE-2026-42231HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission…

  • CVE-2026-42229HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or…

  • CVE-2026-42236HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could…

  • CVE-2026-42226HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared…

  • CVE-2026-54309higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact When `@n8n/mcp-browser` is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke…

  • CVE-2026-54312higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes `Object.prototype` process-wide for the lifetime of the n8n server…

  • CVE-2026-54301higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact An authenticated user with workflow edit access could configure a `Respond to Webhook` node to serve binary content with an attacker-controlled `Content-Type`. The binary response path bypassed the central `Content-Security-Policy` sandbox header, allowing a public…

  • CVE-2026-49444higJun 16, 2026
    risk 0.45cvss epss 0.00

    ## Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. ##…

  • CVE-2026-45732higMay 14, 2026
    risk 0.45cvss epss 0.00

    ## Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token…

  • CVE-2026-44792higMay 14, 2026
    risk 0.45cvss epss 0.00

    ## Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could…

  • CVE-2026-42228MedMay 4, 2026
    risk 0.42cvss 6.5epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution.…

  • CVE-2026-42227MedMay 4, 2026
    risk 0.42cvss 6.5epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter…

Page 1 of 5