{"url":"http://public2.vulnerablecode.io/api/packages/1030832?format=json","purl":"pkg:npm/n8n@2.15.0","type":"npm","namespace":"","name":"n8n","version":"2.15.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.20.7","latest_non_vulnerable_version":"2.22.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70598?format=json","vulnerability_id":"VCID-17dc-5ubt-g3e1","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against the connected database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42237","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1148","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11446","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11412","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11487","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42237"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"ur
l":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42237","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42237"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx","reference_id":"GHSA-f3f2-mcxc-pwjx","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx"},{"reference_url":"https://github.com/advisories/GHSA-hp3c-vfpm-q4f7","reference_id":"GHSA-hp3c-vfpm-q4f7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hp3c-vfpm-q4f7"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7","reference_id":"GHSA-hp3c-vfpm-q4f7","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:
17:33Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"},{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42237","GHSA-hp3c-vfpm-q4f7"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17dc-5ubt-g3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70147?format=json","vulnerability_id":"VCID-456j-q8xt-57e3","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database. 
This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42233","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20087","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20063","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19896","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20068","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42233"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42233","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42233"},{"reference_url":"https://github.com/advisories/GHSA-r6jc-mpqw-m755","reference_id":"GHSA-r6jc-mpqw-m755","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6jc-mpqw-m755"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-r6j
c-mpqw-m755","reference_id":"GHSA-r6jc-mpqw-m755","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:55Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"},{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42233","GHSA-r6jc-mpqw-m755"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-456j-q8xt-57e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360466?format=json","vulnerability_id":"VCID-63pn-hppa-13bx","summary":"n8n Has a Cross-user Authorization Bypass in Dynamic Credential 
OAuth Endpoints\n## Impact\nThe OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. Workflows relying on the affected credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations.\n\nThis issue affects instances where credentials are shared with other users or across projects.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict credential sharing to fully trusted users only.\n- Audit shared credentials for unexpected OAuth token changes and revoke any tokens that may have been replaced.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. 
CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45732","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13694","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1372","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13719","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45732"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-6h4j-wcr9-2vg7","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-6h4j-wcr9-2vg7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45732","reference_id":"CVE-2026-45732","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45732"},{"reference_url":"https://github.com/advisories/GHSA-6h4j-wcr9-2vg7","reference_id":"GHSA-6h4j-wcr9-2vg7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h4j-wcr9-2vg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3
75473?format=json","purl":"pkg:npm/n8n@2.20.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.20.7"},{"url":"http://public2.vulnerablecode.io/api/packages/376026?format=json","purl":"pkg:npm/n8n@2.21.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.21.1"}],"aliases":["CVE-2026-45732","GHSA-6h4j-wcr9-2vg7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63pn-hppa-13bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360401?format=json","vulnerability_id":"VCID-7fn6-gvxs-wygq","summary":"n8n: HTTP Request Node Pagination Prototype Pollution to RCE\n## Impact\nAn authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the HTTP Request node by adding `n8n-nodes-base.httpRequest` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. 
CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44789","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15602","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15634","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15622","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44789"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-c8xv-5998-g76h","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-c8xv-5998-g76h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44789","reference_id":"CVE-2026-44789","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44789"},{"reference_url":"https://github.com/advisories/GHSA-c8xv-5998-g76h","reference_id":"GHSA-c8xv-5998-g76h","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c8xv-5998-g76h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.
io/api/packages/375473?format=json","purl":"pkg:npm/n8n@2.20.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.20.7"},{"url":"http://public2.vulnerablecode.io/api/packages/375472?format=json","purl":"pkg:npm/n8n@2.22.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.22.1"}],"aliases":["CVE-2026-44789","GHSA-c8xv-5998-g76h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fn6-gvxs-wygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360430?format=json","vulnerability_id":"VCID-8zpu-gnub-2bb8","summary":"n8n Has a Source Control Pull SQL Injection\n## Impact\nAn attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file, which could lead to SQL injection on the internal PostgreSQL instance.\n\nExploitation requires all of the following conditions:\n- The n8n instance uses PostgreSQL as its database backend.\n- The Source Control feature is enabled and connected to a repository the attacker can write to.\n- An administrator triggers a Source Control Pull.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.21.1. 
Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Disable the Source Control feature if it is not actively required.\n- Restrict write access to the connected git repository to fully trusted users only.\n- Avoid pulling from repositories that may have been modified by untrusted parties.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44792","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.124","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1242","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12411","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44792"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mhrx-qhrj-673w","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mhrx-qhrj-673w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44792","reference_id":"CVE-
2026-44792","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44792"},{"reference_url":"https://github.com/advisories/GHSA-mhrx-qhrj-673w","reference_id":"GHSA-mhrx-qhrj-673w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhrx-qhrj-673w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375473?format=json","purl":"pkg:npm/n8n@2.20.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.20.7"},{"url":"http://public2.vulnerablecode.io/api/packages/376026?format=json","purl":"pkg:npm/n8n@2.21.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.21.1"}],"aliases":["CVE-2026-44792","GHSA-mhrx-qhrj-673w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zpu-gnub-2bb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360302?format=json","vulnerability_id":"VCID-hx1p-thnm-4ud4","summary":"n8n Has an Arbitrary File Read via Git Node\n## Impact\nAn authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. 
Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Git node by adding `n8n-nodes-base.git` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44790","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13518","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13545","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13542","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44790"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-57g9-58c2-xjg3","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://github.com/n8n-io/n8n/security/advisories/GHSA-57g9-58c2-xjg3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44790","reference_id":"CVE-2026-44790","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44790"},{"reference_url":"https://github.com/advisories/GHSA-57g9-58c2-xjg3","reference_id":"GHSA-57g9-58c2-xjg3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57g9-58c2-xjg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375473?format=json","purl":"pkg:npm/n8n@2.20.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.20.7"},{"url":"http://public2.vulnerablecode.io/api/packages/375472?format=json","purl":"pkg:npm/n8n@2.22.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.22.1"}],"aliases":["CVE-2026-44790","GHSA-57g9-58c2-xjg3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hx1p-thnm-4ud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70447?format=json","vulnerability_id":"VCID-krxn-r6bc-cffu","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance. 
This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42236","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37494","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37306","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37507","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37483","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42236"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42236"},{"reference_url":"https://github.com/advisories/GHSA-49m9-pgww-9vq6","reference_id":"GHSA-49m9-pgww-9vq6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49m9-pgww-9vq6"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6"
,"reference_id":"GHSA-49m9-pgww-9vq6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:59:10Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"},{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42236","GHSA-49m9-pgww-9vq6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krxn-r6bc-cffu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360286?format=json","vulnerability_id":"VCID-n38u-498z-gke2","summary":"n8n Has an XML Node Prototype Pollution Patch Bypass\n## Impact\nAn authenticated 
user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44791","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14683","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14711","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14713","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44791"},{"reference_url":"https://github.com/advisories/GHSA-hqr4-h3xv-9m3r","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqr4-h3xv-9m3r"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.4"
,"scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44791","reference_id":"CVE-2026-44791","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44791"},{"reference_url":"https://github.com/advisories/GHSA-wrwr-h859-xh2r","reference_id":"GHSA-wrwr-h859-xh2r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrwr-h859-xh2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375473?format=json","purl":"pkg:npm/n8n@2.20.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.20.7"},{"url":"http://public2.vulnerablecode.io/api/packages/375472?format=json","purl":"pkg:npm/n8n@2.22.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.22.1"}],"aliases":["CVE-2026-44791","GHSA-wrwr-h859-xh2r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n38u-498z-gke2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70296?format=json","vulnerability_id":"VCID-nhbw-hcq1-b3em
","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing project membership checks, bypassing the authorization-aware service layer used by the internal enterprise controller. If variables were misused to store sensitive information such as credentials or tokens, they should be rotated immediately. This issue only affects licensed enterprise or team deployments with multiple projects and the variables feature enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42227","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11895","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11872","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11812","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11896","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42227"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42227",
"reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42227"},{"reference_url":"https://github.com/advisories/GHSA-756q-gq9h-fp22","reference_id":"GHSA-756q-gq9h-fp22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-756q-gq9h-fp22"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22","reference_id":"GHSA-756q-gq9h-fp22","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:26Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"},{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://pu
blic2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42227","GHSA-756q-gq9h-fp22"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbw-hcq1-b3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70393?format=json","vulnerability_id":"VCID-nva1-tjfr-ckb5","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior. 
This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42228","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25694","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25679","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25477","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25675","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42228"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42228","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42228"},{"reference_url":"https://github.com/advisories/GHSA-f77h-j2v7-g6mw","reference_id":"GHSA-f77h-j2v7-g6mw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f77h-j2v7-g6mw"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2
v7-g6mw","reference_id":"GHSA-f77h-j2v7-g6mw","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T13:47:46Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"},{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42228","GHSA-f77h-j2v7-g6mw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nva1-tjfr-ckb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70284?format=json","vulnerability_id":"VCID-rq3f-24px-ykfk","summary":"n8n is an open source workflow automation platform. 
Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks \"Deny\" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42230","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17922","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17771","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17947","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17931","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42230"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42230","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scorin
g_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42230"},{"reference_url":"https://github.com/advisories/GHSA-f6x8-65q6-j9m9","reference_id":"GHSA-f6x8-65q6-j9m9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6x8-65q6-j9m9"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9","reference_id":"GHSA-f6x8-65q6-j9m9","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:55:49Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"},{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"v
ulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42230","GHSA-f6x8-65q6-j9m9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rq3f-24px-ykfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70188?format=json","vulnerability_id":"VCID-su1t-s9q1-h7am","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. 
This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42229","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20087","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20063","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19896","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.20068","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42229"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42229","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42229"},{"reference_url":"https://github.com/advisories/GHSA-mp4j-h6gh-f6mp","reference_id":"GHSA-mp4j-h6gh-f6mp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mp4j-h6gh-f6mp"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4
j-h6gh-f6mp","reference_id":"GHSA-mp4j-h6gh-f6mp","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T15:00:08Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"},{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63pn-hppa-13bx"},{"vulnerability":"VCID-7fn6-gvxs-wygq"},{"vulnerability":"VCID-8zpu-gnub-2bb8"},{"vulnerability":"VCID-hx1p-thnm-4ud4"},{"vulnerability":"VCID-n38u-498z-gke2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42229","GHSA-mp4j-h6gh-f6mp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su1t-s9q1-h7am"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.15.0"}