Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/508936?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/508936?format=api", "purl": "pkg:npm/n8n@0.105.0", "type": "npm", "namespace": "", "name": "n8n", "version": "0.105.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.123.33", "latest_non_vulnerable_version": "2.22.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91018?format=api", "vulnerability_id": "VCID-1n3j-672w-p3f9", "summary": "n8n has SQL Injection in Data Table Node via orderByColumn Expression\n## Impact\nAn authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement execution is possible, enabling data modification and deletion.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.26, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Data Table node by adding `n8n-nodes-base.dataTable` to the `NODES_EXCLUDE` environment variable.\n- Review existing workflows for Data Table Get nodes where `orderByColumn` is set to an expression that incorporates external or user-supplied input.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0671", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06753", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06764", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06712", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06761", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33713" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T17:58:32Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33713", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33713" }, { "reference_url": "https://github.com/advisories/GHSA-98c2-4cr3-4jc3", "reference_id": "GHSA-98c2-4cr3-4jc3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98c2-4cr3-4jc3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113023?format=api", "purl": "pkg:npm/n8n@1.123.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/113026?format=api", "purl": "pkg:npm/n8n@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/113025?format=api", "purl": "pkg:npm/n8n@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1" } ], "aliases": [ "CVE-2026-33713", "GHSA-98c2-4cr3-4jc3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "8.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1n3j-672w-p3f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49862?format=api", "vulnerability_id": "VCID-2srm-ktga-w7hb", "summary": "n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution\nn8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.\n\nAn authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02265", "scoring_system": "epss", "scoring_elements": "0.84948", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02265", "scoring_system": "epss", "scoring_elements": "0.84964", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02265", "scoring_system": "epss", "scoring_elements": "0.84959", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02265", "scoring_system": "epss", "scoring_elements": "0.84963", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02265", "scoring_system": "epss", "scoring_elements": "0.84957", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1470" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-27T14:35:25Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1470", "reference_id": "CVE-2026-1470", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1470" }, { "reference_url": "https://github.com/advisories/GHSA-5xrp-6693-jjx9", "reference_id": "GHSA-5xrp-6693-jjx9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xrp-6693-jjx9" }, { "reference_url": "https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/", "reference_id": "n8n-expression-node-rce", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-27T14:35:25Z/" } ], "url": "https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73642?format=api", "purl": "pkg:npm/n8n@1.123.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/73643?format=api", "purl": "pkg:npm/n8n@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/73644?format=api", "purl": "pkg:npm/n8n@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.1" } ], "aliases": [ "CVE-2026-1470", "GHSA-5xrp-6693-jjx9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2srm-ktga-w7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90289?format=api", "vulnerability_id": "VCID-2ucg-22n6-n3ag", "summary": "n8n has XML Node Prototype Pollution that to RCE\n## Impact\nAn authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44983", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44971", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.4502", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45016", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42232" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-04T19:41:11Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42232", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42232" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42232", "GHSA-hqr4-h3xv-9m3r" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ucg-22n6-n3ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57569?format=api", "vulnerability_id": "VCID-36c3-y4z7-e3ds", "summary": "n8n Vulnerable to Denial of Service via Malformed Binary Data Requests\nDenial of Service vulnerability in `/rest/binary-data` endpoint when processing empty filesystem URIs (`filesystem://` or `filesystem-v2://`).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.5289", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52935", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52929", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52915", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49595" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/43c52a8b4f844e91b02e3cc9df92826a2d7b6052", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T13:10:37Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/43c52a8b4f844e91b02e3cc9df92826a2d7b6052" }, { "reference_url": "https://github.com/n8n-io/n8n/pull/16229", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T13:10:37Z/" } ], "url": "https://github.com/n8n-io/n8n/pull/16229" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49595", "reference_id": "CVE-2025-49595", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49595" }, { "reference_url": "https://github.com/advisories/GHSA-pr9r-gxgp-9rm8", "reference_id": "GHSA-pr9r-gxgp-9rm8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pr9r-gxgp-9rm8" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-pr9r-gxgp-9rm8", "reference_id": "GHSA-pr9r-gxgp-9rm8", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T13:10:37Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-pr9r-gxgp-9rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85626?format=api", "purl": "pkg:npm/n8n@1.99.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4ue9-c8h9-77dv" }, { "vulnerability": "VCID-4vcw-jab8-rucz" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-6yhw-qkax-fke8" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mvfm-gndx-s3hm" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nfgy-3fhb-8ycu" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-sp9a-8ufw-fyde" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vmda-x2qu-kfbj" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.99.0" } ], "aliases": [ "CVE-2025-49595", "GHSA-pr9r-gxgp-9rm8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36c3-y4z7-e3ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91658?format=api", "vulnerability_id": "VCID-38wy-4z9b-gfeh", "summary": "n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition\n## Impact\nAn authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) belonging to other users on the same instance.\n\nThe attack abuses a name-based credential resolution path that does not enforce ownership or project scope, combined with a bypass in the credentials permission checker that causes generic HTTP credential types to be skipped during pre-execution validation. Together, these flaws allow a member-role user to resolve another user's credential ID and execute a workflow that decrypts and uses that credential without authorization.\n\nNative integration credential types (e.g. `slackApi`, `openAiApi`, `postgres`) are not affected by this issue.\n\nThis vulnerability affects Community Edition only. Enterprise Edition has additional permission gates on workflow creation and execution that independently block this attack chain.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict instance access to fully trusted users only.\n- Audit credentials stored on the instance and rotate any generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) that may have been exposed.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06387", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06433", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06442", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06394", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06451", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33663" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:51:35Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33663", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33663" }, { "reference_url": "https://github.com/advisories/GHSA-m63j-689w-3j35", "reference_id": "GHSA-m63j-689w-3j35", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m63j-689w-3j35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113096?format=api", "purl": "pkg:npm/n8n@1.123.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/113026?format=api", "purl": "pkg:npm/n8n@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/113025?format=api", "purl": "pkg:npm/n8n@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1" } ], "aliases": [ "CVE-2026-33663", "GHSA-m63j-689w-3j35" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "8.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38wy-4z9b-gfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50394?format=api", "vulnerability_id": "VCID-3bk2-zvud-c7et", "summary": "n8n has Unauthenticated Expression Evaluation via Form Node\nA second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host.\n\nThe vulnerability requires a specific workflow configuration to be exploitable:\n1. A form node with a field interpolating a value provided by an unauthenticated user, e.g. a form submitted value.\n2. The field value must begin with an `=` character, which caused n8n to treat it as an expression and triggered a double-evaluation of the field content.\nFor example, a workflow uses a multi-step Form where a downstream Form node renders user-provided input back in an HTML field and precedes it with an `=` sign:\n`=<h2>Thank you, {{ $input.first().json[\\\"Name\\\"] }}!</h2>`\n\nThere is no practical reason for a workflow designer to prefix a field with `=` intentionally — the character is not rendered in the output, so the result would not match the designer's expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance.\n\nEven when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability.\n\nDue to these real-world constraints — the unlikely workflow configuration, the need for an additional sandbox escape, and the difficulty of discovery — we have assessed the severity as High rather than Critical, diverging from the base CVSS score to better reflect actual exploitability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50337", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50318", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50347", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50366", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50358", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27493" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b" }, { "reference_url": "https://github.com/n8n-io/n8n/issues/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/" } ], "url": "https://github.com/n8n-io/n8n/issues/19" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27493", "reference_id": "CVE-2026-27493", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27493" }, { "reference_url": "https://github.com/advisories/GHSA-75g8-rv7v-32f7", "reference_id": "GHSA-75g8-rv7v-32f7", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75g8-rv7v-32f7" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7", "reference_id": "GHSA-75g8-rv7v-32f7", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/921521?format=api", "purl": "pkg:npm/n8n@2.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4npn-u9tm-cbdf" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-j14e-dqu7-skhq" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mufz-qjvu-9beq" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-y8cg-qfgf-f3hz" }, { "vulnerability": "VCID-zq5v-f87w-pqh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "CVE-2026-27493", "GHSA-75g8-rv7v-32f7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3bk2-zvud-c7et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50424?format=api", "vulnerability_id": "VCID-3fs8-b1v9-7qeb", "summary": "n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes\nAn authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted table or column names, an attacker could inject arbitrary SQL because the MySQL, PostgreSQL, and Microsoft SQL nodes did not escape identifier values when constructing queries, enabling injection through node configuration parameters.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/f73fae6fe7fc34907bba102648a9997186aa4385", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/f73fae6fe7fc34907bba102648a9997186aa4385" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n%402.4.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n%402.4.0" }, { "reference_url": "https://github.com/advisories/GHSA-f3f2-mcxc-pwjx", "reference_id": "GHSA-f3f2-mcxc-pwjx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f3f2-mcxc-pwjx" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx", "reference_id": "GHSA-f3f2-mcxc-pwjx", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73850?format=api", "purl": "pkg:npm/n8n@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0" } ], "aliases": [ "GHSA-f3f2-mcxc-pwjx" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3fs8-b1v9-7qeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50003?format=api", "vulnerability_id": "VCID-3qs7-8ewt-j3aa", "summary": "n8n has OS Command Injection in Git Node\nVulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08037", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09447", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09416", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09474", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09489", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25053" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25053", "reference_id": "CVE-2026-25053", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25053" }, { "reference_url": "https://github.com/advisories/GHSA-9g95-qf3f-ggrw", "reference_id": "GHSA-9g95-qf3f-ggrw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9g95-qf3f-ggrw" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw", "reference_id": "GHSA-9g95-qf3f-ggrw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:18Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73847?format=api", "purl": "pkg:npm/n8n@1.123.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/73641?format=api", "purl": "pkg:npm/n8n@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0" } ], "aliases": [ "CVE-2026-25053", "GHSA-9g95-qf3f-ggrw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qs7-8ewt-j3aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88997?format=api", "vulnerability_id": "VCID-4axp-5smx-g7bc", "summary": "n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration\n## Impact\nThe MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance.\n\nThe patches address the unbound registration with an upper bound of registered clients and disabling creation when MCP is disabled on the instance. Mean to restrict the payload size of requests already exist and can be used to control additional risks.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict network access to the n8n instance to prevent requests from untrusted sources.\n- Reduce the maximum accepted payload size by lowering the `N8N_PAYLOAD_SIZE_MAX` environment variable from its default value.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37315", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37258", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37244", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37282", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37309", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42236" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:59:10Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42236", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42236" }, { "reference_url": "https://github.com/advisories/GHSA-49m9-pgww-9vq6", "reference_id": "GHSA-49m9-pgww-9vq6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49m9-pgww-9vq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42236", "GHSA-49m9-pgww-9vq6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4axp-5smx-g7bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57563?format=api", "vulnerability_id": "VCID-4ue9-c8h9-77dv", "summary": "n8n is vulnerable to Improper Authorization through its `/stop` endpoint\nAn authorization vulnerability was discovered in the `/rest/executions/:id/stop` endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55986", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55984", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55963", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55979", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00327", "scoring_system": "epss", "scoring_elements": "0.55992", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52554" }, { "reference_url": "https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/" } ], "url": "https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a" }, { "reference_url": "https://github.com/n8n-io/n8n/pull/16405", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/" } ], "url": "https://github.com/n8n-io/n8n/pull/16405" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52554", "reference_id": "CVE-2025-52554", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52554" }, { "reference_url": "https://github.com/advisories/GHSA-gq57-v332-7666", "reference_id": "GHSA-gq57-v332-7666", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gq57-v332-7666" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666", "reference_id": "GHSA-gq57-v332-7666", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85617?format=api", "purl": "pkg:npm/n8n@1.99.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4vcw-jab8-rucz" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-6yhw-qkax-fke8" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mvfm-gndx-s3hm" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nfgy-3fhb-8ycu" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-sp9a-8ufw-fyde" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vmda-x2qu-kfbj" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.99.1" } ], "aliases": [ "CVE-2025-52554", "GHSA-gq57-v332-7666" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ue9-c8h9-77dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57909?format=api", "vulnerability_id": "VCID-4vcw-jab8-rucz", "summary": "n8n symlink traversal vulnerability in \"Read/Write File\" node allows access to restricted files\nA symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the `Execute Command` node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of _n8n.cloud_ are not impacted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37137", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39065", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39094", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39049", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39038", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57749" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/c2c3e08cdf33570d9051e659812cbfbdd3c077fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/c2c3e08cdf33570d9051e659812cbfbdd3c077fd" }, { "reference_url": "https://github.com/n8n-io/n8n/pull/17735", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T14:43:03Z/" } ], "url": "https://github.com/n8n-io/n8n/pull/17735" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57749", "reference_id": "CVE-2025-57749", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57749" }, { "reference_url": "https://github.com/advisories/GHSA-ggjm-f3g4-rwmm", "reference_id": "GHSA-ggjm-f3g4-rwmm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ggjm-f3g4-rwmm" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm", "reference_id": "GHSA-ggjm-f3g4-rwmm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T14:43:03Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86158?format=api", "purl": "pkg:npm/n8n@1.106.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-6yhw-qkax-fke8" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mvfm-gndx-s3hm" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nfgy-3fhb-8ycu" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-sp9a-8ufw-fyde" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vmda-x2qu-kfbj" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.106.0" } ], "aliases": [ "CVE-2025-57749", "GHSA-ggjm-f3g4-rwmm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vcw-jab8-rucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50414?format=api", "vulnerability_id": "VCID-4w75-581c-3ycz", "summary": "n8n has Webhook Forgery on Zendesk Trigger Node\nAn attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject crafted payloads into the connected workflow.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/3839e310bd4c3002c646c363d1411916fa195151", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/3839e310bd4c3002c646c363d1411916fa195151" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/c6520e4e87614fa60c9433e93019e211f19f65f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/c6520e4e87614fa60c9433e93019e211f19f65f9" }, { "reference_url": "https://github.com/advisories/GHSA-38c7-23hj-2wgq", "reference_id": "GHSA-38c7-23hj-2wgq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38c7-23hj-2wgq" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-38c7-23hj-2wgq", "reference_id": "GHSA-38c7-23hj-2wgq", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-38c7-23hj-2wgq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73856?format=api", "purl": "pkg:npm/n8n@1.123.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/74301?format=api", "purl": "pkg:npm/n8n@2.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.6.2" } ], "aliases": [ "GHSA-38c7-23hj-2wgq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w75-581c-3ycz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90883?format=api", "vulnerability_id": "VCID-5dtu-z3ww-c3hx", "summary": "n8n Has External Secrets Authorization Bypass in Credential Saving\n## Impact\nAn authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the `externalSecret:list` permission check and allowed access to secrets stored in connected vaults without admin or owner privileges.\n\n- This issue requires the instance to have an external secrets vault configured.\n- The attacker must know or be able to guess the name of a target secret.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.23 and 2.6.4. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict n8n access to fully trusted users only.\n- Disable external secrets integration until the patch can be applied.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04462", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0445", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04428", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04474", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04481", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33722" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-fxcw-h3qj-8m8p", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-28T01:28:29Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-fxcw-h3qj-8m8p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33722", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "7.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33722" }, { "reference_url": "https://github.com/advisories/GHSA-fxcw-h3qj-8m8p", "reference_id": "GHSA-fxcw-h3qj-8m8p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxcw-h3qj-8m8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112778?format=api", "purl": "pkg:npm/n8n@1.123.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/112779?format=api", "purl": "pkg:npm/n8n@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.6.4" } ], "aliases": [ "CVE-2026-33722", "GHSA-fxcw-h3qj-8m8p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dtu-z3ww-c3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50377?format=api", "vulnerability_id": "VCID-6f6h-nx37-fqbx", "summary": "n8n has Arbitrary Command Execution via File Write and Git Operations\nAn authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary shell commands on the n8n host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00594", "scoring_system": "epss", "scoring_elements": "0.69702", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00594", "scoring_system": "epss", "scoring_elements": "0.6968", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00594", "scoring_system": "epss", "scoring_elements": "0.69691", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00594", "scoring_system": "epss", "scoring_elements": "0.69694", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27498" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/97365caf253978ba8e46d7bc53fa7ac3b6f67b32", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/97365caf253978ba8e46d7bc53fa7ac3b6f67b32" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/e22acaab3dcb2004e5fe0bf9ef2db975bde61866", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/e22acaab3dcb2004e5fe0bf9ef2db975bde61866" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.8" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.2.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27498", "reference_id": "CVE-2026-27498", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27498" }, { "reference_url": "https://github.com/advisories/GHSA-x2mw-7j39-93xq", "reference_id": "GHSA-x2mw-7j39-93xq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2mw-7j39-93xq" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq", "reference_id": "GHSA-x2mw-7j39-93xq", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "9.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74259?format=api", "purl": "pkg:npm/n8n@1.123.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73353?format=api", "purl": "pkg:npm/n8n@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.2.0" } ], "aliases": [ "CVE-2026-27498", "GHSA-x2mw-7j39-93xq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f6h-nx37-fqbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47981?format=api", "vulnerability_id": "VCID-6yhw-qkax-fke8", "summary": "n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host\nThe `Execute Command` node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully trusted.\n\nAn attacker—either a malicious user or someone who has compromised a legitimate user account—could exploit this node to run arbitrary commands on the host machine, potentially leading to data exfiltration, service disruption, or full system compromise.\n\nThis vulnerability affects all n8n deployments where:\n\n- The `Execute Command` node is enabled, and\n- Not all user accounts are strictly controlled and trusted.\n\nn8n.cloud is **not** impacted.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/advisories/GHSA-365g-vjw2-grx8", "reference_id": "GHSA-365g-vjw2-grx8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-365g-vjw2-grx8" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-365g-vjw2-grx8", "reference_id": "GHSA-365g-vjw2-grx8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-365g-vjw2-grx8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/509521?format=api", "purl": "pkg:npm/n8n@1.115.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.115.0" } ], "aliases": [ "GHSA-365g-vjw2-grx8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yhw-qkax-fke8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91068?format=api", "vulnerability_id": "VCID-74fh-jbha-m7d7", "summary": "n8n Vulnerable to LDAP Filter Injection in LDAP Node\n## Impact\nA flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow.\n\nExploitation requires a specific workflow configuration:\n- The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook).\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into LDAP node search parameters via expressions.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05214", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05254", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0526", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05259", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33751" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:10:55Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33751", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33751" }, { "reference_url": "https://github.com/advisories/GHSA-w83q-mcmx-mh42", "reference_id": "GHSA-w83q-mcmx-mh42", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w83q-mcmx-mh42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113096?format=api", "purl": "pkg:npm/n8n@1.123.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/113026?format=api", "purl": "pkg:npm/n8n@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/113025?format=api", "purl": "pkg:npm/n8n@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1" } ], "aliases": [ "CVE-2026-33751", "GHSA-w83q-mcmx-mh42" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74fh-jbha-m7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91492?format=api", "vulnerability_id": "VCID-7rw7-zc4s-huaq", "summary": "n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK\n## Impact\nWhen the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an OAuth flow against a credential object the attacker controls, causing the victim's OAuth tokens to be stored in the attacker's credential. The attacker can then use those tokens to execute workflows in their name.\n\n- This issue only affects instances where `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` is explicitly configured (non-default).\n\n## Patches\nThe issue has been fixed in n8n version 2.8.0. Users should upgrade to this version or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Avoid enabling `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` unless strictly required.\n- Restrict access to the n8n instance to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0293", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02837", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0287", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02886", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02938", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33720" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vpgc-2f6g-7w7x", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:07:38Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vpgc-2f6g-7w7x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33720", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33720" }, { "reference_url": "https://github.com/advisories/GHSA-vpgc-2f6g-7w7x", "reference_id": "GHSA-vpgc-2f6g-7w7x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vpgc-2f6g-7w7x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74323?format=api", "purl": "pkg:npm/n8n@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.8.0" } ], "aliases": [ "CVE-2026-33720", "GHSA-vpgc-2f6g-7w7x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rw7-zc4s-huaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57540?format=api", "vulnerability_id": "VCID-8f8n-pt6z-ebhn", "summary": "n8n allows open redirects via the /signin endpoint\nThis is an Open Redirect (CWE-601) vulnerability in the login flow of n8n. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter.\n\nThis may lead to:\n\n- Phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com)\n- Credential or 2FA theft if users are tricked into re-entering sensitive information\n- Reputation risk due to the visual similarity between attacker-controlled domains and trusted ones\n\nThe vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39234", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39247", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.3929", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39284", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39262", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49592" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/4865d1e360a0fe7b045e295b5e1a29daad12314e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/4865d1e360a0fe7b045e295b5e1a29daad12314e" }, { "reference_url": "https://github.com/n8n-io/n8n/pull/16034", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/" } ], "url": "https://github.com/n8n-io/n8n/pull/16034" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n%401.98.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n%401.98.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49592", "reference_id": "CVE-2025-49592", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49592" }, { "reference_url": "https://github.com/advisories/GHSA-5vj6-wjr7-5v9f", "reference_id": "GHSA-5vj6-wjr7-5v9f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vj6-wjr7-5v9f" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-5vj6-wjr7-5v9f", "reference_id": "GHSA-5vj6-wjr7-5v9f", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-5vj6-wjr7-5v9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85586?format=api", "purl": "pkg:npm/n8n@1.98.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-36c3-y4z7-e3ds" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4ue9-c8h9-77dv" }, { "vulnerability": "VCID-4vcw-jab8-rucz" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-6yhw-qkax-fke8" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-ew4m-seb1-j3fa" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mvfm-gndx-s3hm" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nfgy-3fhb-8ycu" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-sp9a-8ufw-fyde" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vmda-x2qu-kfbj" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.98.0" } ], "aliases": [ "CVE-2025-49592", "GHSA-5vj6-wjr7-5v9f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8f8n-pt6z-ebhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50005?format=api", "vulnerability_id": "VCID-akxw-urjb-qff8", "summary": "n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node\nWhen workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems.\n\nAs a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37764", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39313", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.393", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39329", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39357", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25055" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/528ad6b982d0519ec170e172f57b7fdbbe175230", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/528ad6b982d0519ec170e172f57b7fdbbe175230" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/e0baf48c6a54808f6dbca8cb352bfa306092c223", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/e0baf48c6a54808f6dbca8cb352bfa306092c223" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25055", "reference_id": "CVE-2026-25055", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25055" }, { "reference_url": "https://github.com/advisories/GHSA-m82q-59gv-mcr9", "reference_id": "GHSA-m82q-59gv-mcr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m82q-59gv-mcr9" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9", "reference_id": "GHSA-m82q-59gv-mcr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:20Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73851?format=api", "purl": "pkg:npm/n8n@1.123.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73850?format=api", "purl": "pkg:npm/n8n@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0" } ], "aliases": [ "CVE-2026-25055", "GHSA-m82q-59gv-mcr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akxw-urjb-qff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91717?format=api", "vulnerability_id": "VCID-ardd-vu45-uba8", "summary": "n8n has XSS in Chat Trigger Node through Custom CSS\n## Impact\nAn authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the `sanitize-html` library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Chat Trigger node by adding `@n8n/n8n-nodes-langchain.chatTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279" }, { "reference_url": "https://github.com/advisories/GHSA-3c7f-5hgj-h279", "reference_id": "GHSA-3c7f-5hgj-h279", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3c7f-5hgj-h279" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113096?format=api", "purl": "pkg:npm/n8n@1.123.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/113026?format=api", "purl": "pkg:npm/n8n@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/113025?format=api", "purl": "pkg:npm/n8n@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1" } ], "aliases": [ "GHSA-3c7f-5hgj-h279" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ardd-vu45-uba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50375?format=api", "vulnerability_id": "VCID-axyq-35hd-skhq", "summary": "n8n: Expression Sandbox Escape Leads to RCE\nAdditional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp).\nAn authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38803", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38827", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38831", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38786", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38775", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27577" }, { "reference_url": "https://docs.n8n.io/hosting/securing/overview", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/" } ], "url": "https://docs.n8n.io/hosting/securing/overview" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27577", "reference_id": "CVE-2026-27577", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27577" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp", "reference_id": "GHSA-v98v-ff95-f3cp", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp" }, { "reference_url": "https://github.com/advisories/GHSA-vpcf-gvg4-6qwr", "reference_id": "GHSA-vpcf-gvg4-6qwr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vpcf-gvg4-6qwr" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr", "reference_id": "GHSA-vpcf-gvg4-6qwr", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/921521?format=api", "purl": "pkg:npm/n8n@2.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4npn-u9tm-cbdf" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-j14e-dqu7-skhq" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mufz-qjvu-9beq" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-y8cg-qfgf-f3hz" }, { "vulnerability": "VCID-zq5v-f87w-pqh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "CVE-2026-27577", "GHSA-vpcf-gvg4-6qwr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axyq-35hd-skhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90145?format=api", "vulnerability_id": "VCID-bbmg-r6ze-dugs", "summary": "n8n has SQL Injection in Snowflake and MySQL Nodes\n## Impact\nThe fix for [GHSA-f3f2-mcxc-pwjx](https://github.com/advisories/GHSA-f3f2-mcxc-pwjx) did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against the connected database.\n\nExploitation requires a specific workflow configuration:\n- The Snowflake or MySQL v1 node must be used with user-controlled input passed via expressions (e.g., from a form or webhook) into identifier fields such as table name, column name, or update key.\n\nSuccessful exploitation could allow data exfiltration, modification, or deletion on the downstream database.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Migrate workflows from the legacy MySQL v1 node to the MySQL v2 node, which already implements identifier escaping.\n- Disable the Snowflake node by adding `n8n-nodes-base.snowflake` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into table name, column name, or update key fields via expressions in the affected nodes.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11439", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11319", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11399", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11436", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11335", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42237" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:17:33Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42237", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42237" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx", "reference_id": "GHSA-f3f2-mcxc-pwjx", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx" }, { "reference_url": "https://github.com/advisories/GHSA-hp3c-vfpm-q4f7", "reference_id": "GHSA-hp3c-vfpm-q4f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hp3c-vfpm-q4f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42237", "GHSA-hp3c-vfpm-q4f7" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbmg-r6ze-dugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91816?format=api", "vulnerability_id": "VCID-bf5s-ucsz-rbgp", "summary": "n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode\n## Impact\nAn authenticated user with permission to create or modify workflows could use the Merge node's \"Combine by SQL\" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the intance.\n\n## Patches\nThe issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2373", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2363", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23684", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23745", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23637", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33660" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-28T01:26:07Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33660", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33660" }, { "reference_url": "https://github.com/advisories/GHSA-58qr-rcgv-642v", "reference_id": "GHSA-58qr-rcgv-642v", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58qr-rcgv-642v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113096?format=api", "purl": "pkg:npm/n8n@1.123.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/113026?format=api", "purl": "pkg:npm/n8n@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/113025?format=api", "purl": "pkg:npm/n8n@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1" } ], "aliases": [ "CVE-2026-33660", "GHSA-58qr-rcgv-642v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bf5s-ucsz-rbgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50364?format=api", "vulnerability_id": "VCID-dd53-wba6-f3c6", "summary": "n8n has Potential Remote Code Execution via Merge Node\nAn authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22914", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22804", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22855", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22899", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22807", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27497" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27497", "reference_id": "CVE-2026-27497", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27497" }, { "reference_url": "https://github.com/advisories/GHSA-wxx7-mcgf-j869", "reference_id": "GHSA-wxx7-mcgf-j869", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxx7-mcgf-j869" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869", "reference_id": "GHSA-wxx7-mcgf-j869", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/921521?format=api", "purl": "pkg:npm/n8n@2.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4npn-u9tm-cbdf" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-j14e-dqu7-skhq" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mufz-qjvu-9beq" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-y8cg-qfgf-f3hz" }, { "vulnerability": "VCID-zq5v-f87w-pqh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "CVE-2026-27497", "GHSA-wxx7-mcgf-j869" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dd53-wba6-f3c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89096?format=api", "vulnerability_id": "VCID-ejke-qxks-u3gc", "summary": "n8n Vulnerable to XSS via MCP OAuth client\n## Impact\nAn unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation.\n\n## Patches\nThis issue has been fixed in n8n version 2.14.2. Users should upgrade to this version or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict access to the n8n instance and the MCP OAuth registration endpoint to trusted users only.\n- Disable MCP server functionality if it is not actively required.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.2978", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29758", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29746", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29812", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29849", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42235" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-537j-gqpc-p7fq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:39:57Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-537j-gqpc-p7fq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42235", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42235" }, { "reference_url": "https://github.com/advisories/GHSA-537j-gqpc-p7fq", "reference_id": "GHSA-537j-gqpc-p7fq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-537j-gqpc-p7fq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42235", "GHSA-537j-gqpc-p7fq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejke-qxks-u3gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89368?format=api", "vulnerability_id": "VCID-fwxr-8gw5-9fgx", "summary": "n8n has Open Redirect in MCP OAuth Consent Flow\n## Impact\nThe `/mcp-oauth/register` endpoint accepted OAuth client registrations without authentication, allowing arbitrary `redirect_uri` values to be registered. When a user denies the MCP OAuth consent dialog, the `handleDeny` handler redirects the user to the registered `redirect_uri` without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks \"Deny\" on the consent page, they are silently redirected to an external site.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict network access to the n8n instance to prevent untrusted users from reaching the MCP OAuth endpoints.\n- Limit access to the n8n instance to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17776", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17685", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17668", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17742", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17781", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42230" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:55:49Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42230", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42230" }, { "reference_url": "https://github.com/advisories/GHSA-f6x8-65q6-j9m9", "reference_id": "GHSA-f6x8-65q6-j9m9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f6x8-65q6-j9m9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42230", "GHSA-f6x8-65q6-j9m9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwxr-8gw5-9fgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91129?format=api", "vulnerability_id": "VCID-fz16-2act-hqg7", "summary": "n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE\n## Impact\nAn authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the GSuiteAdmin node. By supplying a crafted parameter as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance.\n\n## Patches\nThe issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43512", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43455", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43488", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43501", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43463", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33696" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T20:08:10Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33696", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33696" }, { "reference_url": "https://github.com/advisories/GHSA-mxrg-77hm-89hv", "reference_id": "GHSA-mxrg-77hm-89hv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mxrg-77hm-89hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113096?format=api", "purl": "pkg:npm/n8n@1.123.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/113026?format=api", "purl": "pkg:npm/n8n@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/113025?format=api", "purl": "pkg:npm/n8n@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1" } ], "aliases": [ "CVE-2026-33696", "GHSA-mxrg-77hm-89hv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz16-2act-hqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89899?format=api", "vulnerability_id": "VCID-gbpq-vzwt-ykep", "summary": "n8n has SQL Injection in Oracle Database Node via Limit Field\n## Impact\nA flaw in the Oracle Database node's select operation allowed user-controlled input passed into the `Limit` field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the `Limit` field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database.\n\nExploitation requires a specific workflow configuration:\n- The Oracle Database node must be used with user-controlled input passed via expressions into the `Limit` field.\n- Authentication requirements depend on the workflow's configuration (e.g., an unauthenticated webhook endpoint would allow unauthenticated exploitation).\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Oracle Database node by adding `n8n-nodes-base.oracleDatabase` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into the Oracle Database node's `Limit` field via expressions.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19865", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1982", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19798", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19906", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19913", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42233" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:55Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42233", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42233" }, { "reference_url": "https://github.com/advisories/GHSA-r6jc-mpqw-m755", "reference_id": "GHSA-r6jc-mpqw-m755", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6jc-mpqw-m755" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42233", "GHSA-r6jc-mpqw-m755" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbpq-vzwt-ykep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89812?format=api", "vulnerability_id": "VCID-gvjm-hukc-93f8", "summary": "n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE\n## Impact\nA flaw in the `xml2js` library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.65012", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.65006", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64988", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.65", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.65002", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42231" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-04T20:17:57Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42231", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42231" }, { "reference_url": "https://github.com/advisories/GHSA-q5f4-99jv-pgg5", "reference_id": "GHSA-q5f4-99jv-pgg5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5f4-99jv-pgg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42231", "GHSA-q5f4-99jv-pgg5" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvjm-hukc-93f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89528?format=api", "vulnerability_id": "VCID-h7b1-xmu3-wbc1", "summary": "n8n Vulnerable to Hijacking of Unauthenticated Chat Execution\n## Impact\nThe `/chat` WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior.\n\nExploitation requires the following conditions:\n- The instance exposes a public Hosted Chat workflow with authentication set to `None`.\n- A target execution is in a waiting state at the time of the attack.\n- The attacker can obtain or discover the execution ID of that waiting execution.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Enable authentication on all Chat Trigger nodes by setting the Authentication field to `n8n User Auth` rather than `None`.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25491", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25441", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25432", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25536", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25549", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42228" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T13:47:46Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42228", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42228" }, { "reference_url": "https://github.com/advisories/GHSA-f77h-j2v7-g6mw", "reference_id": "GHSA-f77h-j2v7-g6mw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f77h-j2v7-g6mw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42228", "GHSA-f77h-j2v7-g6mw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h7b1-xmu3-wbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50013?format=api", "vulnerability_id": "VCID-h82c-378t-aqb3", "summary": "n8n Merge Node has Arbitrary File Write leading to RCE\nA vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41044", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45308", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45295", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45322", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45341", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25056" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25056", "reference_id": "CVE-2026-25056", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25056" }, { "reference_url": "https://github.com/advisories/GHSA-hv53-3329-vmrm", "reference_id": "GHSA-hv53-3329-vmrm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hv53-3329-vmrm" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm", "reference_id": "GHSA-hv53-3329-vmrm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:17Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73865?format=api", "purl": "pkg:npm/n8n@1.118.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.118.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/73850?format=api", "purl": "pkg:npm/n8n@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0" } ], "aliases": [ "CVE-2026-25056", "GHSA-hv53-3329-vmrm" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h82c-378t-aqb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50396?format=api", "vulnerability_id": "VCID-j3t9-jkr4-7fbc", "summary": "n8n Vulnerable to Stored XSS via Various Nodes\nAn authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes (Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node). Scripts injected by a malicious workflow execute in the browser of any user who visits the affected page, enabling session hijacking and account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09863", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09831", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09916", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09943", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09928", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27578" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27578", "reference_id": "CVE-2026-27578", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27578" }, { "reference_url": "https://github.com/advisories/GHSA-2p9h-rqjw-gm92", "reference_id": "GHSA-2p9h-rqjw-gm92", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p9h-rqjw-gm92" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92", "reference_id": "GHSA-2p9h-rqjw-gm92", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/921521?format=api", "purl": "pkg:npm/n8n@2.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4npn-u9tm-cbdf" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-j14e-dqu7-skhq" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mufz-qjvu-9beq" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-y8cg-qfgf-f3hz" }, { "vulnerability": "VCID-zq5v-f87w-pqh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "CVE-2026-27578", "GHSA-2p9h-rqjw-gm92" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3t9-jkr4-7fbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50392?format=api", "vulnerability_id": "VCID-ka79-3enj-fkew", "summary": "n8n has Arbitrary File Read via Python Code Node Sandbox Escape\nAn authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE.\n\nOn instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner.\n\n- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25641", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2565", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25544", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25535", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25594", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27494" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27494", "reference_id": "CVE-2026-27494", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27494" }, { "reference_url": "https://github.com/advisories/GHSA-mmgg-m5j7-f83h", "reference_id": "GHSA-mmgg-m5j7-f83h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmgg-m5j7-f83h" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h", "reference_id": "GHSA-mmgg-m5j7-f83h", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/921521?format=api", "purl": "pkg:npm/n8n@2.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4npn-u9tm-cbdf" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-j14e-dqu7-skhq" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mufz-qjvu-9beq" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-y8cg-qfgf-f3hz" }, { "vulnerability": "VCID-zq5v-f87w-pqh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "CVE-2026-27494", "GHSA-mmgg-m5j7-f83h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "8.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ka79-3enj-fkew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91862?format=api", "vulnerability_id": "VCID-m8k1-g6g5-qbfs", "summary": "n8n: Authenticated XSS and Open Redirect via Form Node\n## Impact\nAn authenticated user with permission to create or modify workflows could configure a Form Node with an unsanitized HTML description field or exploit an overly permissive iframe sandbox policy to perform stored cross-site scripting or redirect end users visiting the form to an arbitrary external URL. The vulnerability could be used to facilitate phishing attacks.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.24, 2.10.4 and 2.12.0. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable.\n- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c" }, { "reference_url": "https://github.com/advisories/GHSA-w673-8fjw-457c", "reference_id": "GHSA-w673-8fjw-457c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w673-8fjw-457c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114357?format=api", "purl": "pkg:npm/n8n@1.123.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/114356?format=api", "purl": "pkg:npm/n8n@2.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/114355?format=api", "purl": "pkg:npm/n8n@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.12.0" } ], "aliases": [ "GHSA-w673-8fjw-457c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8k1-g6g5-qbfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49512?format=api", "vulnerability_id": "VCID-mvfm-gndx-s3hm", "summary": "n8n's Possible Stored XSS in \"Respond to Webhook\" Node May Execute Outside iframe Sandbox\nA stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node.\nWhen this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced in version 1.103.0.\n\nThis behavior can enable a malicious actor with workflow creation permissions to execute arbitrary JavaScript in the context of the n8n editor interface.\n\nWhile session cookies (`n8n-auth`) are marked `HttpOnly` and cannot be directly exfiltrated, the vulnerability can facilitate Cross-Site Request Forgery (CSRF)-like actions from within the user’s authenticated session, potentially allowing:\n\n- Unauthorized reading of sensitive workflow data or execution history.\n- Unauthorized modification or deletion of workflows.\n- Insertion of malicious workflow logic or external data exfiltration steps.\n\nn8n instances that allow untrusted users to create workflows are particularly impacted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61914", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00705", "published_at": "2026-06-09T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00703", "published_at": "2026-06-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00708", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61914" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61914", "reference_id": "CVE-2025-61914", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61914" }, { "reference_url": "https://github.com/advisories/GHSA-58jc-rcg5-95f3", "reference_id": "GHSA-58jc-rcg5-95f3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58jc-rcg5-95f3" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-58jc-rcg5-95f3", "reference_id": "GHSA-58jc-rcg5-95f3", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-26T21:54:28Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-58jc-rcg5-95f3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73104?format=api", "purl": "pkg:npm/n8n@1.114.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-6yhw-qkax-fke8" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-sp9a-8ufw-fyde" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.114.0" } ], "aliases": [ "CVE-2025-61914", "GHSA-58jc-rcg5-95f3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mvfm-gndx-s3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50015?format=api", "vulnerability_id": "VCID-nafx-g818-nbb6", "summary": "n8n Has Expression Escape Vulnerability Leading to RCE\nAdditional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp).\n\nAn authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14342", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16813", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16796", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16877", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16914", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25049" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:21Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:21Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25049", "reference_id": "CVE-2026-25049", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25049" }, { "reference_url": "https://github.com/advisories/GHSA-6cqr-8cfr-67f8", "reference_id": "GHSA-6cqr-8cfr-67f8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6cqr-8cfr-67f8" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8", "reference_id": "GHSA-6cqr-8cfr-67f8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:21Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73642?format=api", "purl": "pkg:npm/n8n@1.123.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/73868?format=api", "purl": "pkg:npm/n8n@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.2" } ], "aliases": [ "CVE-2026-25049", "GHSA-6cqr-8cfr-67f8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nafx-g818-nbb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91244?format=api", "vulnerability_id": "VCID-nazv-a4as-fkgk", "summary": "n8n Vulnerable to XSS via Binary Data Inline HTML Rendering\n## Impact\nAn authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Disposition` or `Content-Security-Policy` headers, allowing the HTML to render in the browser with full same-origin JavaScript access.\n\nBy sending the resulting URL to a higher-privileged user, an attacker could execute JavaScript in the victim's authenticated session, enabling exfiltration of workflows and credentials, modification of workflows, or privilege escalation to admin.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Restrict network access to the n8n instance to prevent untrusted users from accessing binary data URLs.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15887", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15823", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15801", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15929", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1594", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33749" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:07:00Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33749", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33749" }, { "reference_url": "https://github.com/advisories/GHSA-qfc3-hm4j-7q77", "reference_id": "GHSA-qfc3-hm4j-7q77", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qfc3-hm4j-7q77" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113096?format=api", "purl": "pkg:npm/n8n@1.123.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/113026?format=api", "purl": "pkg:npm/n8n@2.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/113025?format=api", "purl": "pkg:npm/n8n@2.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1" } ], "aliases": [ "CVE-2026-33749", "GHSA-qfc3-hm4j-7q77" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nazv-a4as-fkgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89412?format=api", "vulnerability_id": "VCID-nf1f-y3be-pyaq", "summary": "n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay\n## Impact\nThe `dynamic-node-parameters` endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply a foreign credential ID in the request body, causing the backend to decrypt and use that credential in a helper execution path where the caller also controls the destination URL. This allowed the caller to force the backend to authenticate against attacker-controlled infrastructure using a credential belonging to another user, effectively exfiltrating a reusable API key.\n\nThe issue is not limited to any single node type; any node that resolves credentials dynamically through these endpoints may be affected.\n\n## Patches\nThe issue has been fixed in n8n version 2.18.0. Users should upgrade to this version or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict n8n access to fully trusted users only.\n- Avoid sharing workflows with users who should not have access to the credentials those workflows reference.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20166", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20114", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.201", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20205", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20213", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42226" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-r4v6-9fqc-w5jr", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:41:42Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-r4v6-9fqc-w5jr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42226", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:L/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42226" }, { "reference_url": "https://github.com/advisories/GHSA-r4v6-9fqc-w5jr", "reference_id": "GHSA-r4v6-9fqc-w5jr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4v6-9fqc-w5jr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110582?format=api", "purl": "pkg:npm/n8n@1.123.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/110581?format=api", "purl": "pkg:npm/n8n@2.17.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.5" } ], "aliases": [ "CVE-2026-42226", "GHSA-r4v6-9fqc-w5jr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf1f-y3be-pyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48292?format=api", "vulnerability_id": "VCID-nfgy-3fhb-8ycu", "summary": "n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook\nA remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution.\n\nThis allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows.\n\nAll users with workflows that utilize the Git Node to clone untrusted repositories are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44748", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44729", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44716", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44768", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44762", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62726" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T18:19:00Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997" }, { "reference_url": "https://github.com/n8n-io/n8n/pull/19559", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T18:19:00Z/" } ], "url": "https://github.com/n8n-io/n8n/pull/19559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62726", "reference_id": "CVE-2025-62726", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62726" }, { "reference_url": "https://github.com/advisories/GHSA-xgp7-7qjq-vg47", "reference_id": "GHSA-xgp7-7qjq-vg47", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xgp7-7qjq-vg47" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47", "reference_id": "GHSA-xgp7-7qjq-vg47", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T18:19:00Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71286?format=api", "purl": "pkg:npm/n8n@1.113.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-6yhw-qkax-fke8" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mvfm-gndx-s3hm" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-sp9a-8ufw-fyde" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.113.0" } ], "aliases": [ "CVE-2025-62726", "GHSA-xgp7-7qjq-vg47" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfgy-3fhb-8ycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91420?format=api", "vulnerability_id": "VCID-rh43-8ugj-ufe3", "summary": "n8n has In-Process Memory Disclosure in its Task Runner\n## Impact\nAn authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens — resulting in information disclosure of sensitive in-process data.\n- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.\n- In external runner mode, the impact is limited to data within the external runner process.\n\n## Patches\nThe issue has been fixed in n8n versions >= 1.123.22, >= 2.10.1 , and >= 2.9.3. Users should upgrade to this version or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Use external runner mode (`N8N_RUNNERS_MODE=external`) to isolate the runner process.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12637", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12607", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12688", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12728", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12725", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27496" }, { "reference_url": "https://docs.n8n.io/hosting/configuration/task-runners", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/" } ], "url": "https://docs.n8n.io/hosting/configuration/task-runners" }, { "reference_url": "https://docs.n8n.io/hosting/securing/blocking-nodes", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/" } ], "url": "https://docs.n8n.io/hosting/securing/blocking-nodes" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27496", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27496" }, { "reference_url": "https://github.com/advisories/GHSA-xvh5-5qg4-x9qp", "reference_id": "GHSA-xvh5-5qg4-x9qp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvh5-5qg4-x9qp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "CVE-2026-27496", "GHSA-xvh5-5qg4-x9qp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rh43-8ugj-ufe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50425?format=api", "vulnerability_id": "VCID-srsg-ge6y-2ybu", "summary": "n8n has an Authentication Bypass in its Chat Trigger Node\nWhen the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented.\n- This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default).", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e" }, { "reference_url": "https://github.com/advisories/GHSA-jh8h-6c9q-7gmw", "reference_id": "GHSA-jh8h-6c9q-7gmw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh8h-6c9q-7gmw" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw", "reference_id": "GHSA-jh8h-6c9q-7gmw", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "GHSA-jh8h-6c9q-7gmw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-srsg-ge6y-2ybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50002?format=api", "vulnerability_id": "VCID-tbqs-6hwf-yffz", "summary": "n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS\nA Cross-site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly.\n\nAn authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to session hijacking and account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02516", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03949", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03933", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03961", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03972", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25051" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:22Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:22Z/" } ], "url": "https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25051", "reference_id": "CVE-2026-25051", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25051" }, { "reference_url": "https://github.com/advisories/GHSA-825q-w924-xhgx", "reference_id": "GHSA-825q-w924-xhgx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-825q-w924-xhgx" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx", "reference_id": "GHSA-825q-w924-xhgx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:22Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73846?format=api", "purl": "pkg:npm/n8n@1.122.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.122.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/73845?format=api", "purl": "pkg:npm/n8n@1.123.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.2" } ], "aliases": [ "CVE-2026-25051", "GHSA-825q-w924-xhgx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbqs-6hwf-yffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50352?format=api", "vulnerability_id": "VCID-tfcu-w2ek-wkf9", "summary": "n8n has a Sandbox Escape in its JavaScript Task Runner\nAn authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary.\n\nOn instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner.\n- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27977", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27854", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27847", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27891", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27927", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27495" }, { "reference_url": "https://docs.n8n.io/hosting/configuration/task-runners", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/" } ], "url": "https://docs.n8n.io/hosting/configuration/task-runners" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27495", "reference_id": "CVE-2026-27495", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27495" }, { "reference_url": "https://github.com/advisories/GHSA-jjpj-p2wh-qf23", "reference_id": "GHSA-jjpj-p2wh-qf23", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjpj-p2wh-qf23" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23", "reference_id": "GHSA-jjpj-p2wh-qf23", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74243?format=api", "purl": "pkg:npm/n8n@1.123.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/921521?format=api", "purl": "pkg:npm/n8n@2.0.0-rc.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4npn-u9tm-cbdf" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-j14e-dqu7-skhq" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mufz-qjvu-9beq" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-y8cg-qfgf-f3hz" }, { "vulnerability": "VCID-zq5v-f87w-pqh3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/74244?format=api", "purl": "pkg:npm/n8n@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/74245?format=api", "purl": "pkg:npm/n8n@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1" } ], "aliases": [ "CVE-2026-27495", "GHSA-jjpj-p2wh-qf23" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfcu-w2ek-wkf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91005?format=api", "vulnerability_id": "VCID-ts5h-by8q-4ybw", "summary": "n8n has a Stored XSS Vulnerability in its Form Trigger\n## Impact\nAn authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission hijacking and phishing. The existing Content Security Policy prevents direct n8n session cookie theft but does not prevent script execution or form action manipulation.\n\n## Patches\nThe issue has been fixed in n8n versions 2.12.0, 2.11.2, and 1.123.25. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g" }, { "reference_url": "https://github.com/advisories/GHSA-q4fm-pjq6-m63g", "reference_id": "GHSA-q4fm-pjq6-m63g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4fm-pjq6-m63g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113008?format=api", "purl": "pkg:npm/n8n@1.123.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/113006?format=api", "purl": "pkg:npm/n8n@2.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.11.2" } ], "aliases": [ "GHSA-q4fm-pjq6-m63g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ts5h-by8q-4ybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50409?format=api", "vulnerability_id": "VCID-ttr7-jtyj-4ufp", "summary": "n8n has a Guardrail Node Bypass\nAn end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0" }, { "reference_url": "https://github.com/advisories/GHSA-fvfv-ppw4-7h2w", "reference_id": "GHSA-fvfv-ppw4-7h2w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fvfv-ppw4-7h2w" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w", "reference_id": "GHSA-fvfv-ppw4-7h2w", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74242?format=api", "purl": "pkg:npm/n8n@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.0" } ], "aliases": [ "GHSA-fvfv-ppw4-7h2w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttr7-jtyj-4ufp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50004?format=api", "vulnerability_id": "VCID-txf4-9gr1-ekcj", "summary": "n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI\nA Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content.\n\nAn authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02515", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03948", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03932", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03972", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0396", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25054" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25054", "reference_id": "CVE-2026-25054", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25054" }, { "reference_url": "https://github.com/advisories/GHSA-qpq4-pw7f-pp8w", "reference_id": "GHSA-qpq4-pw7f-pp8w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpq4-pw7f-pp8w" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-qpq4-pw7f-pp8w", "reference_id": "GHSA-qpq4-pw7f-pp8w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:21Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-qpq4-pw7f-pp8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73849?format=api", "purl": "pkg:npm/n8n@1.123.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/73848?format=api", "purl": "pkg:npm/n8n@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.2.1" } ], "aliases": [ "CVE-2026-25054", "GHSA-qpq4-pw7f-pp8w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txf4-9gr1-ekcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50008?format=api", "vulnerability_id": "VCID-upx4-rmwg-yqfz", "summary": "n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users\nA vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05362", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06449", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06441", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06487", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06497", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25052" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25052", "reference_id": "CVE-2026-25052", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25052" }, { "reference_url": "https://github.com/advisories/GHSA-gfvg-qv54-r4pc", "reference_id": "GHSA-gfvg-qv54-r4pc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gfvg-qv54-r4pc" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc", "reference_id": "GHSA-gfvg-qv54-r4pc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:20Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73856?format=api", "purl": "pkg:npm/n8n@1.123.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/73641?format=api", "purl": "pkg:npm/n8n@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0" } ], "aliases": [ "CVE-2026-25052", "GHSA-gfvg-qv54-r4pc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upx4-rmwg-yqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89408?format=api", "vulnerability_id": "VCID-uz4t-m6tu-cuf3", "summary": "n8n has a Python Task Runner Sandbox Escape Vulnerability\n## Impact\nAn authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.\n\n- This issue only affects instances where the Python Task Runner is enabled.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Python Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable, or disable the Python Task Runner entirely.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26494", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2639", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26385", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26442", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26484", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42234" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-44v6-jhgm-p3m4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T03:56:38Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-44v6-jhgm-p3m4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42234", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42234" }, { "reference_url": "https://github.com/advisories/GHSA-44v6-jhgm-p3m4", "reference_id": "GHSA-44v6-jhgm-p3m4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44v6-jhgm-p3m4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42234", "GHSA-44v6-jhgm-p3m4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uz4t-m6tu-cuf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89931?format=api", "vulnerability_id": "VCID-vn1a-guqa-5fc3", "summary": "n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure\n## Impact\nAn authenticated user with a valid API key scoped to `variable:list` could read variables from projects they are not a member of by supplying an arbitrary `projectId` query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing project membership checks, bypassing the authorization-aware service layer used by the internal enterprise controller. \n\nIf variables were misused to store sensitive information such as credentials or tokens, they should be rotated immediately.\n\nThis issue only affects licensed enterprise or team deployments with multiple projects and the variables feature enabled.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n\n- Restrict n8n access and API key issuance to fully trusted users only.\n- Audit existing project variables for sensitive values and rotate any secrets that may have been exposed.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11846", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11736", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11724", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11806", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1184", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42227" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:26Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42227", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42227" }, { "reference_url": "https://github.com/advisories/GHSA-756q-gq9h-fp22", "reference_id": "GHSA-756q-gq9h-fp22", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-756q-gq9h-fp22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42227", "GHSA-756q-gq9h-fp22" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vn1a-guqa-5fc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91655?format=api", "vulnerability_id": "VCID-vz7j-zkq3-zybm", "summary": "n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no\n## Impact\nWhen the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data.\n\n- This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default).\n\n## Patches\nThe issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Disable the Source Control feature if it is not actively required.\n- Restrict network access to ensure the n8n instance communicates with the Git server only over trusted, controlled network paths.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04321", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04349", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04359", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04341", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0437", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33724" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-43v7-fp2v-68f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:11Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-43v7-fp2v-68f6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33724", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33724" }, { "reference_url": "https://github.com/advisories/GHSA-43v7-fp2v-68f6", "reference_id": "GHSA-43v7-fp2v-68f6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43v7-fp2v-68f6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73641?format=api", "purl": "pkg:npm/n8n@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0" } ], "aliases": [ "CVE-2026-33724", "GHSA-43v7-fp2v-68f6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz7j-zkq3-zybm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90288?format=api", "vulnerability_id": "VCID-w1wa-4kd7-abfm", "summary": "n8n has SQL Injection in SeaTable Node\n## Impact\nA flaw in the SeaTable node's `row:search` and `row:get` operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow.\n\nExploitation requires a specific workflow configuration:\n- The SeaTable node must be used with user-controlled input passed via expressions (e.g., from a form or webhook) into the `searchTerm` or `rowId` parameters.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the SeaTable node by adding `n8n-nodes-base.seaTable` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into SeaTable node search or row retrieval parameters via expressions.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19913", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1982", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19798", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19865", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19906", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42229" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T15:00:08Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42229", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42229" }, { "reference_url": "https://github.com/advisories/GHSA-mp4j-h6gh-f6mp", "reference_id": "GHSA-mp4j-h6gh-f6mp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mp4j-h6gh-f6mp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109888?format=api", "purl": "pkg:npm/n8n@1.123.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/109892?format=api", "purl": "pkg:npm/n8n@2.17.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nf1f-y3be-pyaq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109890?format=api", "purl": "pkg:npm/n8n@2.18.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1" } ], "aliases": [ "CVE-2026-42229", "GHSA-mp4j-h6gh-f6mp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1wa-4kd7-abfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50423?format=api", "vulnerability_id": "VCID-wz7x-wqw3-wbg5", "summary": "n8n: Webhook Forgery on Github Webhook Trigger\nAn attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliveries, allowing any party to spoof GitHub webhook events.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/a19347a6bc9a96d5065ac77d25a811e46178c578", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/a19347a6bc9a96d5065ac77d25a811e46178c578" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/afe322325502f448b33bff1db1575e4447c28a36", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/afe322325502f448b33bff1db1575e4447c28a36" }, { "reference_url": "https://github.com/advisories/GHSA-mqpr-49jj-32rc", "reference_id": "GHSA-mqpr-49jj-32rc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqpr-49jj-32rc" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mqpr-49jj-32rc", "reference_id": "GHSA-mqpr-49jj-32rc", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mqpr-49jj-32rc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74320?format=api", "purl": "pkg:npm/n8n@1.123.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/73641?format=api", "purl": "pkg:npm/n8n@2.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0" } ], "aliases": [ "GHSA-mqpr-49jj-32rc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wz7x-wqw3-wbg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91050?format=api", "vulnerability_id": "VCID-x1ad-c3rb-c3g7", "summary": "n8n has XSS in its Credential Management Flow\n## Impact\nAn authenticated user with permission to create and share credentials could craft a malicious OAuth2 credential containing a JavaScript URL in the Authorization URL field. If a victim opened the credential and interacted with the OAuth authorization button, the injected script would execute in their browser session.\n\n## Patches\nThe issue has been fixed in n8n versions 2.8.0 and 2.6.4. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit credential creation and sharing permissions to fully trusted users only.\n- Restrict access to the n8n instance to trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-364x-8g5j-x2pr", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-364x-8g5j-x2pr" }, { "reference_url": "https://github.com/advisories/GHSA-364x-8g5j-x2pr", "reference_id": "GHSA-364x-8g5j-x2pr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-364x-8g5j-x2pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112779?format=api", "purl": "pkg:npm/n8n@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/74323?format=api", "purl": "pkg:npm/n8n@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.8.0" } ], "aliases": [ "GHSA-364x-8g5j-x2pr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ad-c3rb-c3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50429?format=api", "vulnerability_id": "VCID-x4dc-p13b-h3aa", "summary": "n8n has an SSO Enforcement Bypass in its Self-Service Settings API\nAn authenticated user signed in through Single Sign-On (SSO) could disable SSO enforcement for their own account through the n8n API. This allowed the user to create a local password and authenticate directly with email and password, completely bypassing the organization's SSO policy, centralized identity management, and any identity-provider-enforced multi-factor authentication.", "references": [ { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/a70b2ea379086da3de103bb84811e88cadf29976", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/a70b2ea379086da3de103bb84811e88cadf29976" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.8.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n@2.8.0" }, { "reference_url": "https://github.com/advisories/GHSA-vjf3-2gpj-233v", "reference_id": "GHSA-vjf3-2gpj-233v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjf3-2gpj-233v" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v", "reference_id": "GHSA-vjf3-2gpj-233v", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74323?format=api", "purl": "pkg:npm/n8n@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.8.0" } ], "aliases": [ "GHSA-vjf3-2gpj-233v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4dc-p13b-h3aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91893?format=api", "vulnerability_id": "VCID-x9cb-9vev-9ucv", "summary": "n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover\n## Impact\nWhen LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email — including an administrator's — and upon login gain full access to that account. The account linkage persisted even if the LDAP email was later reverted, resulting in a permanent account takeover.\n\n- LDAP authentication must be configured and active (non-default).\n\n## Patches\nThe issue has been fixed in n8n versions 2.4.0 and 1.121.0. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Disable LDAP authentication until the instance can be upgraded.\n- Restrict LDAP directory permissions so that users cannot modify their own email attributes.\n- Audit existing LDAP-linked accounts for unexpected account associations.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0903", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09089", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0911", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09059", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33665" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-c545-x2rh-82fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T14:55:43Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-c545-x2rh-82fc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33665", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33665" }, { "reference_url": "https://github.com/advisories/GHSA-c545-x2rh-82fc", "reference_id": "GHSA-c545-x2rh-82fc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c545-x2rh-82fc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73068?format=api", "purl": "pkg:npm/n8n@1.121.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.121.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/73850?format=api", "purl": "pkg:npm/n8n@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0" } ], "aliases": [ "CVE-2026-33665", "GHSA-c545-x2rh-82fc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9cb-9vev-9ucv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50000?format=api", "vulnerability_id": "VCID-y36r-uemx-hkhk", "summary": "n8n has a Python sandbox escape\nA vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary.\n\nOnly authenticated users are able to execute code through Task Runners.\n\nThis issue affected any deployment in which the following conditions were met:\n\n- Task Runners were enabled using `N8N_RUNNERS_ENABLED=true` (default: false)\n- Python was enabled `N8N_PYTHON_ENABLED=true`\n- Code Node was enabled (default: true)\n\nIn case the `N8N_RUNNERS_MODE` is set to `external` (default: `internal`) the sandbox escape is limited to the sidecar container with lower risk for lateral movement. In that case a lower high severity is more appropriate.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20172", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22629", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22632", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22679", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22725", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25115" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/commit/8607d372f78c388bb3691d9d5b52af7259ec7b1f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n/commit/8607d372f78c388bb3691d9d5b52af7259ec7b1f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25115", "reference_id": "CVE-2026-25115", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25115" }, { "reference_url": "https://github.com/advisories/GHSA-8398-gmmx-564h", "reference_id": "GHSA-8398-gmmx-564h", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8398-gmmx-564h" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h", "reference_id": "GHSA-8398-gmmx-564h", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:16Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73842?format=api", "purl": "pkg:npm/n8n@2.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.8" } ], "aliases": [ "CVE-2026-25115", "GHSA-8398-gmmx-564h" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y36r-uemx-hkhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57209?format=api", "vulnerability_id": "VCID-yxjh-cdsd-ybay", "summary": "n8n Vulnerable to Stored XSS through Attachments View Endpoint\nn8n workflows can store and serve binary files, which are accessible to authenticated users. However, there was no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allowed the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser.\n\nAn authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could, for example, send a request to change the user’s email address in their account settings, effectively enabling account takeover.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3371", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49637", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49666", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54454", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69856", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-46343" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://github.com/n8n-io/n8n/pull/14350", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/" } ], "url": "https://github.com/n8n-io/n8n/pull/14350" }, { "reference_url": "https://github.com/n8n-io/n8n/pull/14685", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/" } ], "url": "https://github.com/n8n-io/n8n/pull/14685" }, { "reference_url": "https://github.com/n8n-io/n8n/releases/tag/n8n%401.90.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/" } ], "url": "https://github.com/n8n-io/n8n/releases/tag/n8n%401.90.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46343", "reference_id": "CVE-2025-46343", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46343" }, { "reference_url": "https://github.com/advisories/GHSA-c8hm-hr8h-5xjw", "reference_id": "GHSA-c8hm-hr8h-5xjw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8hm-hr8h-5xjw" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-c8hm-hr8h-5xjw", "reference_id": "GHSA-c8hm-hr8h-5xjw", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-c8hm-hr8h-5xjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84971?format=api", "purl": "pkg:npm/n8n@1.90.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-36c3-y4z7-e3ds" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-44pc-rawj-d3h2" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4ue9-c8h9-77dv" }, { "vulnerability": "VCID-4vcw-jab8-rucz" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-6yhw-qkax-fke8" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-8f8n-pt6z-ebhn" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-ew4m-seb1-j3fa" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-h82c-378t-aqb3" }, { "vulnerability": "VCID-hfcq-67j2-vkgw" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kkcp-3tf9-5fgn" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-mvfm-gndx-s3hm" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nfgy-3fhb-8ycu" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-sp9a-8ufw-fyde" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vmda-x2qu-kfbj" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-x9cb-9vev-9ucv" }, { "vulnerability": "VCID-y36r-uemx-hkhk" }, { "vulnerability": "VCID-zuq8-jyty-d7ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.90.0" } ], "aliases": [ "CVE-2025-46343", "GHSA-c8hm-hr8h-5xjw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxjh-cdsd-ybay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50010?format=api", "vulnerability_id": "VCID-zuq8-jyty-d7ev", "summary": "n8n's domain allowlist bypass enables credential exfiltration\nA vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration.\n\nThis only might affect user who have credentials that use wildcard domain patterns (e.g., `*.example.com`) in the \"Allowed domains\" setting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06682", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06696", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06692", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07465", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07454", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25631" }, { "reference_url": "https://github.com/n8n-io/n8n", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/n8n-io/n8n" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25631", "reference_id": "CVE-2026-25631", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25631" }, { "reference_url": "https://github.com/advisories/GHSA-2xcx-75h9-vr9h", "reference_id": "GHSA-2xcx-75h9-vr9h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xcx-75h9-vr9h" }, { "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9-vr9h", "reference_id": "GHSA-2xcx-75h9-vr9h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T21:06:21Z/" } ], "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9-vr9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73068?format=api", "purl": "pkg:npm/n8n@1.121.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n3j-672w-p3f9" }, { "vulnerability": "VCID-2srm-ktga-w7hb" }, { "vulnerability": "VCID-2ucg-22n6-n3ag" }, { "vulnerability": "VCID-38wy-4z9b-gfeh" }, { "vulnerability": "VCID-3bk2-zvud-c7et" }, { "vulnerability": "VCID-3fs8-b1v9-7qeb" }, { "vulnerability": "VCID-3qs7-8ewt-j3aa" }, { "vulnerability": "VCID-4axp-5smx-g7bc" }, { "vulnerability": "VCID-4w75-581c-3ycz" }, { "vulnerability": "VCID-5dtu-z3ww-c3hx" }, { "vulnerability": "VCID-6f6h-nx37-fqbx" }, { "vulnerability": "VCID-74fh-jbha-m7d7" }, { "vulnerability": "VCID-7rw7-zc4s-huaq" }, { "vulnerability": "VCID-9cdm-87vn-47dn" }, { "vulnerability": "VCID-akxw-urjb-qff8" }, { "vulnerability": "VCID-ardd-vu45-uba8" }, { "vulnerability": "VCID-axyq-35hd-skhq" }, { "vulnerability": "VCID-bbmg-r6ze-dugs" }, { "vulnerability": "VCID-bf5s-ucsz-rbgp" }, { "vulnerability": "VCID-dd53-wba6-f3c6" }, { "vulnerability": "VCID-ejke-qxks-u3gc" }, { "vulnerability": "VCID-f2u8-cp2c-tbbn" }, { "vulnerability": "VCID-fwxr-8gw5-9fgx" }, { "vulnerability": "VCID-fz16-2act-hqg7" }, { "vulnerability": "VCID-gbpq-vzwt-ykep" }, { "vulnerability": "VCID-gvjm-hukc-93f8" }, { "vulnerability": "VCID-h7b1-xmu3-wbc1" }, { "vulnerability": "VCID-j3t9-jkr4-7fbc" }, { "vulnerability": "VCID-ka79-3enj-fkew" }, { "vulnerability": "VCID-kpes-f88x-vuhd" }, { "vulnerability": "VCID-m8k1-g6g5-qbfs" }, { "vulnerability": "VCID-nafx-g818-nbb6" }, { "vulnerability": "VCID-nazv-a4as-fkgk" }, { "vulnerability": "VCID-nf1f-y3be-pyaq" }, { "vulnerability": "VCID-nhxg-5zv4-t3cp" }, { "vulnerability": "VCID-rakr-u2h7-mkhm" }, { "vulnerability": "VCID-rh43-8ugj-ufe3" }, { "vulnerability": "VCID-srsg-ge6y-2ybu" }, { "vulnerability": "VCID-tbqs-6hwf-yffz" }, { "vulnerability": "VCID-tfcu-w2ek-wkf9" }, { "vulnerability": "VCID-ts5h-by8q-4ybw" }, { "vulnerability": "VCID-ttr7-jtyj-4ufp" }, { "vulnerability": "VCID-txf4-9gr1-ekcj" }, { "vulnerability": "VCID-upx4-rmwg-yqfz" }, { "vulnerability": "VCID-uz4t-m6tu-cuf3" }, { "vulnerability": "VCID-vn1a-guqa-5fc3" }, { "vulnerability": "VCID-vvwk-2kb6-fbf8" }, { "vulnerability": "VCID-vz7j-zkq3-zybm" }, { "vulnerability": "VCID-w1wa-4kd7-abfm" }, { "vulnerability": "VCID-wz7x-wqw3-wbg5" }, { "vulnerability": "VCID-x1ad-c3rb-c3g7" }, { "vulnerability": "VCID-x4dc-p13b-h3aa" }, { "vulnerability": "VCID-y36r-uemx-hkhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.121.0" } ], "aliases": [ "CVE-2026-25631", "GHSA-2xcx-75h9-vr9h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zuq8-jyty-d7ev" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/n8n@0.105.0" }