Package details: pkg:npm/n8n@2.0.0
purl pkg:npm/n8n@2.0.0
Next non-vulnerable version 2.2.0
Latest non-vulnerable version 2.22.1
Risk 4.5
Vulnerabilities affecting this package (17)
Vulnerability Summary Fixed by
VCID-2srm-ktga-w7hb
Aliases:
CVE-2026-1470
GHSA-5xrp-6693-jjx9
n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
2.4.5
Affected by 0 other vulnerabilities.
2.5.1
Affected by 0 other vulnerabilities.
VCID-3bk2-zvud-c7et
Aliases:
CVE-2026-27493
GHSA-75g8-rv7v-32f7
n8n has Unauthenticated Expression Evaluation via Form Node A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host. The vulnerability requires a specific workflow configuration to be exploitable:
1. A form node with a field interpolating a value provided by an unauthenticated user, e.g. a form submitted value.
2. The field value must begin with an `=` character, which caused n8n to treat it as an expression and triggered a double-evaluation of the field content.
For example, a workflow uses a multi-step Form where a downstream Form node renders user-provided input back in an HTML field and precedes it with an `=` sign: `=<h2>Thank you, {{ $input.first().json["Name"] }}!</h2>`
There is no practical reason for a workflow designer to prefix a field with `=` intentionally: the character is not rendered in the output, so the result would not match the designer's expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance. Even when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability. Due to these real-world constraints (the unlikely workflow configuration, the need for an additional sandbox escape, and the difficulty of discovery) we have assessed the severity as High rather than Critical, diverging from the base CVSS score to better reflect actual exploitability.
2.9.3
Affected by 0 other vulnerabilities.
2.10.1
Affected by 0 other vulnerabilities.
VCID-3qs7-8ewt-j3aa
Aliases:
CVE-2026-25053
GHSA-9g95-qf3f-ggrw
n8n has OS Command Injection in Git Node Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host.
2.5.0
Affected by 1 other vulnerability.
VCID-4w75-581c-3ycz
Aliases:
GHSA-38c7-23hj-2wgq
n8n has Webhook Forgery on Zendesk Trigger Node An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject crafted payloads into the connected workflow.
2.6.2
Affected by 0 other vulnerabilities.
VCID-6f6h-nx37-fqbx
Aliases:
CVE-2026-27498
GHSA-x2mw-7j39-93xq
n8n has Arbitrary Command Execution via File Write and Git Operations An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary shell commands on the n8n host.
2.2.0
Affected by 0 other vulnerabilities.
VCID-akxw-urjb-qff8
Aliases:
CVE-2026-25055
GHSA-m82q-59gv-mcr9
n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those remote systems, potentially leading to remote code execution on those systems. As prerequisites, an unauthenticated attacker needs to know that such workflows exist, and the file upload endpoints need to be unauthenticated.
2.4.0
Affected by 0 other vulnerabilities.
VCID-axyq-35hd-skhq
Aliases:
CVE-2026-27577
GHSA-vpcf-gvg4-6qwr
n8n: Expression Sandbox Escape Leads to RCE Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.
2.9.3
Affected by 0 other vulnerabilities.
2.10.1
Affected by 0 other vulnerabilities.
VCID-dd53-wba6-f3c6
Aliases:
CVE-2026-27497
GHSA-wxx7-mcgf-j869
n8n has Potential Remote Code Execution via Merge Node An authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server.
2.9.3
Affected by 0 other vulnerabilities.
2.10.1
Affected by 0 other vulnerabilities.
VCID-h82c-378t-aqb3
Aliases:
CVE-2026-25056
GHSA-hv53-3329-vmrm
n8n Merge Node has Arbitrary File Write leading to RCE A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution.
2.4.0
Affected by 0 other vulnerabilities.
VCID-j3t9-jkr4-7fbc
Aliases:
CVE-2026-27578
GHSA-2p9h-rqjw-gm92
n8n Vulnerable to Stored XSS via Various Nodes An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes (Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node). Scripts injected by a malicious workflow execute in the browser of any user who visits the affected page, enabling session hijacking and account takeover.
2.9.3
Affected by 0 other vulnerabilities.
2.10.1
Affected by 0 other vulnerabilities.
VCID-ka79-3enj-fkew
Aliases:
CVE-2026-27494
GHSA-mmgg-m5j7-f83h
n8n has Arbitrary File Read via Python Code Node Sandbox Escape An authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner.
- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.
2.9.3
Affected by 0 other vulnerabilities.
2.10.1
Affected by 0 other vulnerabilities.
VCID-nafx-g818-nbb6
Aliases:
CVE-2026-25049
GHSA-6cqr-8cfr-67f8
n8n Has Expression Escape Vulnerability Leading to RCE Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.
2.5.2
Affected by 0 other vulnerabilities.
VCID-srsg-ge6y-2ybu
Aliases:
GHSA-jh8h-6c9q-7gmw
n8n has an Authentication Bypass in its Chat Trigger Node When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented.
- This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default).
2.9.3
Affected by 0 other vulnerabilities.
2.10.1
Affected by 0 other vulnerabilities.
VCID-tfcu-w2ek-wkf9
Aliases:
CVE-2026-27495
GHSA-jjpj-p2wh-qf23
n8n has a Sandbox Escape in its JavaScript Task Runner An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner.
- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.
2.9.3
Affected by 0 other vulnerabilities.
2.10.1
Affected by 0 other vulnerabilities.
VCID-txf4-9gr1-ekcj
Aliases:
CVE-2026-25054
GHSA-qpq4-pw7f-pp8w
n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI A Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover.
2.2.1
Affected by 0 other vulnerabilities.
VCID-upx4-rmwg-yqfz
Aliases:
CVE-2026-25052
GHSA-gfvg-qv54-r4pc
n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance.
2.5.0
Affected by 1 other vulnerability.
VCID-wz7x-wqw3-wbg5
Aliases:
GHSA-mqpr-49jj-32rc
n8n: Webhook Forgery on Github Webhook Trigger An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliveries, allowing any party to spoof GitHub webhook events.
2.5.0
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-kpes-f88x-vuhd
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write In self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including:
- Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions)
- Writing files to the host filesystem (subject to the same restrictions)
Starting with n8n version 1.2.1, access to files in the n8n home directory (`.n8n`) is blocked by default. However, this does not restrict access to other parts of the filesystem unless additional file access limitations are configured.
Aliases:
CVE-2025-68697
GHSA-j4p8-h8mh-rh8q
VCID-vvwk-2kb6-fbf8
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process.
Aliases:
CVE-2025-68668
GHSA-62r4-hw23-cc8v

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T17:09:57.651396+00:00 GithubOSV Importer Fixing VCID-vvwk-2kb6-fbf8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-62r4-hw23-cc8v/GHSA-62r4-hw23-cc8v.json 38.6.0
2026-06-04T17:09:24.651340+00:00 GithubOSV Importer Fixing VCID-kpes-f88x-vuhd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-j4p8-h8mh-rh8q/GHSA-j4p8-h8mh-rh8q.json 38.6.0
2026-06-02T04:50:57.793404+00:00 GitLab Importer Affected by VCID-srsg-ge6y-2ybu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/GHSA-jh8h-6c9q-7gmw.yml 38.6.0
2026-06-02T04:50:57.668766+00:00 GitLab Importer Affected by VCID-wz7x-wqw3-wbg5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/GHSA-mqpr-49jj-32rc.yml 38.6.0
2026-06-02T04:50:56.826106+00:00 GitLab Importer Affected by VCID-4w75-581c-3ycz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/GHSA-38c7-23hj-2wgq.yml 38.6.0
2026-06-02T04:50:51.736013+00:00 GitLab Importer Affected by VCID-j3t9-jkr4-7fbc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27578.yml 38.6.0
2026-06-02T04:50:51.138410+00:00 GitLab Importer Affected by VCID-3bk2-zvud-c7et https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27493.yml 38.6.0
2026-06-02T04:50:50.490639+00:00 GitLab Importer Affected by VCID-ka79-3enj-fkew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27494.yml 38.6.0
2026-06-02T04:50:47.935106+00:00 GitLab Importer Affected by VCID-6f6h-nx37-fqbx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27498.yml 38.6.0
2026-06-02T04:50:46.935630+00:00 GitLab Importer Affected by VCID-axyq-35hd-skhq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27577.yml 38.6.0
2026-06-02T04:50:45.279684+00:00 GitLab Importer Affected by VCID-dd53-wba6-f3c6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27497.yml 38.6.0
2026-06-02T04:50:43.930326+00:00 GitLab Importer Affected by VCID-tfcu-w2ek-wkf9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-27495.yml 38.6.0
2026-06-02T04:49:57.958356+00:00 GitLab Importer Affected by VCID-nafx-g818-nbb6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-25049.yml 38.6.0
2026-06-02T04:49:57.774016+00:00 GitLab Importer Affected by VCID-h82c-378t-aqb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-25056.yml 38.6.0
2026-06-02T04:49:57.424123+00:00 GitLab Importer Affected by VCID-upx4-rmwg-yqfz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-25052.yml 38.6.0
2026-06-02T04:49:57.155930+00:00 GitLab Importer Affected by VCID-akxw-urjb-qff8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-25055.yml 38.6.0
2026-06-02T04:49:57.085946+00:00 GitLab Importer Affected by VCID-txf4-9gr1-ekcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-25054.yml 38.6.0
2026-06-02T04:49:57.024158+00:00 GitLab Importer Affected by VCID-3qs7-8ewt-j3aa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-25053.yml 38.6.0
2026-06-02T04:49:45.424158+00:00 GitLab Importer Affected by VCID-2srm-ktga-w7hb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-1470.yml 38.6.0
2026-06-02T04:49:17.581531+00:00 GitLab Importer Fixing VCID-vvwk-2kb6-fbf8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2025-68668.yml 38.6.0
2026-06-02T04:49:17.341298+00:00 GitLab Importer Fixing VCID-kpes-f88x-vuhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2025-68697.yml 38.6.0