VYPR

N8n Io: All CVEs

86 total · sorted by risk
  • CVE-2026-42233 · Critical · May 4, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query…

  • CVE-2026-42235 · Critical · May 4, 2026
    risk 0.62 · cvss 9.6 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user…

  • CVE-2026-44791 · critical · May 14, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Impact: An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches: The issue has been fixed in n8n versions 1.123.43,…

  • CVE-2026-44790 · critical · May 14, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Impact: An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server and potentially leading to full compromise. Patches: The issue has been fixed in…

  • CVE-2026-44789 · critical · May 14, 2026
    risk 0.59 · cvss n/a · epss 0.01

    Impact: An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques, this could lead to RCE on the instance. Patches: The issue…

  • CVE-2026-42237 · High · May 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table…

  • CVE-2026-42234 · High · May 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner…

  • CVE-2026-42232 · High · May 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes…

  • CVE-2026-42231 · High · May 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission…

  • CVE-2026-42229 · High · May 4, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or…

  • CVE-2026-42236 · High · May 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could…

  • CVE-2026-42226 · High · May 4, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared…

  • CVE-2026-54309 · high · Jun 16, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Impact: When `@n8n/mcp-browser` is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke…

  • CVE-2026-54312 · high · Jun 16, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Impact: An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes `Object.prototype` process-wide for the lifetime of the n8n server…

  • CVE-2026-54301 · high · Jun 16, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Impact: An authenticated user with workflow edit access could configure a `Respond to Webhook` node to serve binary content with an attacker-controlled `Content-Type`. The binary response path bypassed the central `Content-Security-Policy` sandbox header, allowing a public…

  • CVE-2026-49444 · high · Jun 16, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Impact: An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. …

  • CVE-2026-45732 · high · May 14, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Impact: The OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token…

  • CVE-2026-44792 · high · May 14, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Impact: An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could…

  • CVE-2026-42228 · Medium · May 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution.…

  • CVE-2026-42227 · Medium · May 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter…

  • CVE-2026-42230 · Medium · May 4, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP…

  • CVE-2026-54304 · high · Jun 16, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Impact: An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached…

  • CVE-2026-54305 · high · Jun 16, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Impact: Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing…

  • CVE-2026-54307 · high · Jun 16, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Impact: A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only partially enforced, leading to cross-user credential access. This issue affects instances…

  • CVE-2026-54302 · high · Jun 16, 2026
    risk 0.38 · cvss n/a · epss 0.00

    Impact: An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious `webhookId`. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's…

  • CVE-2026-33663 · Medium · Mar 25, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials…

  • CVE-2026-56358 · medium · Mar 27, 2026
    risk 0.26 · cvss n/a · epss 0.00

    Impact: An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form,…

  • CVE-2026-56351 · medium · Feb 26, 2026
    risk 0.19 · cvss n/a · epss 0.00

    Impact: An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying…

  • CVE-2025-68613 · KEV · Dec 19, 2025
    risk 0.16 · cvss n/a · epss 0.98

    n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions…

  • CVE-2026-0863 · Jan 18, 2026
    risk 0.01 · cvss n/a · epss 0.09

    Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user…

  • CVE-2026-56357 · Jun 22, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data,…

  • CVE-2026-56348 · Jun 22, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue…

  • CVE-2026-54314 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Impact: The Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing…

  • CVE-2026-54303 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Impact: An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Patches: The…

  • CVE-2026-54311 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Impact: An authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by…

  • CVE-2026-54306 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Impact: A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a…

  • CVE-2026-54308 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Impact: The `MicrosoftAgent365Trigger` and `StripeTrigger` nodes did not validate inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. Patches:…

  • CVE-2026-54313 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Impact: An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and…

  • CVE-2026-54310 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Impact: An authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 nodes, allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the…

  • CVE-2026-49465 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.01

    Impact: An authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the `N8N_RESTRICT_FILE_ACCESS_TO` file…

  • CVE-2026-33751 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In…

  • CVE-2026-33749 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data`…

  • CVE-2026-33724 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the…

  • CVE-2026-33722 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential.…

  • CVE-2026-33720 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a…

  • CVE-2026-33713 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements…

  • CVE-2026-33696 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted…

  • CVE-2026-33665 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated…

  • CVE-2026-33660 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code…

  • CVE-2026-27496 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain…

Page 1 of 2