# N8n
by N8n Io

## CVEs (86)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42230 | N8n Io / N8n | Medium | 0.40 | 6.1 | 0.00 | | May 4, 2026 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP… |
| CVE-2026-54304 | N8n Io / N8n | High | 0.38 | — | 0.00 | | Jun 16, 2026 | An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached… |
| CVE-2026-54305 | N8n Io / N8n | High | 0.38 | — | 0.00 | | Jun 16, 2026 | Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing… |
| CVE-2026-54307 | N8n Io / N8n | High | 0.38 | — | 0.00 | | Jun 16, 2026 | A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially, leading to cross-user credential access. This issue affects instances… |
| CVE-2026-54302 | N8n Io / N8n | High | 0.38 | — | 0.00 | | Jun 16, 2026 | An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious `webhookId`. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's… |
| CVE-2026-33663 | N8n Io / N8n | Medium | 0.35 | 6.5 | 0.00 | | Mar 25, 2026 | n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials… |
| CVE-2026-56358 | N8n Io / N8n | Medium | 0.26 | — | 0.00 | | Mar 27, 2026 | An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form,… |
| CVE-2026-56351 | N8n Io / N8n | Medium | 0.19 | — | 0.00 | | Feb 26, 2026 | An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying… |
| CVE-2025-68613 | N8n Io / N8n | | 0.16 | — | 0.98 | KEV | Dec 19, 2025 | n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions… |
| CVE-2026-0863 | N8n Io / N8n | | 0.01 | — | 0.09 | | Jan 18, 2026 | Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user… |
| CVE-2026-56357 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 22, 2026 | n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data,… |
| CVE-2026-56348 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 22, 2026 | n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue… |
| CVE-2026-54314 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 16, 2026 | The Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing… |
| CVE-2026-54303 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 16, 2026 | An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. … |
| CVE-2026-54311 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 16, 2026 | An authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by… |
| CVE-2026-54306 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 16, 2026 | A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a… |
| CVE-2026-54308 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 16, 2026 | The `MicrosoftAgent365Trigger` and `StripeTrigger` nodes did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. … |
| CVE-2026-54313 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 16, 2026 | An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and… |
| CVE-2026-54310 | N8n Io / N8n | | 0.00 | — | 0.00 | | Jun 16, 2026 | An authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 node, allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the… |
| CVE-2026-49465 | N8n Io / N8n | | 0.00 | — | 0.01 | | Jun 16, 2026 | An authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the `N8N_RESTRICT_FILE_ACCESS_TO` file… |
Page 2 of 5