Look up vulnerable packages by Package URL.

Purl pkg:npm/n8n@1.0.4
Type npm
Namespace
Name n8n
Version 1.0.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.123.33
Latest_non_vulnerable_version 2.22.1
Affected_by_vulnerabilities
0
url VCID-17dc-5ubt-g3e1
vulnerability_id VCID-17dc-5ubt-g3e1
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against the connected database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42237
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11412
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42237
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42237
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42237
3
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx
reference_id GHSA-f3f2-mcxc-pwjx
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx
4
reference_url https://github.com/advisories/GHSA-hp3c-vfpm-q4f7
reference_id GHSA-hp3c-vfpm-q4f7
reference_type
scores
url https://github.com/advisories/GHSA-hp3c-vfpm-q4f7
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7
reference_id GHSA-hp3c-vfpm-q4f7
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:17:33Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42237, GHSA-hp3c-vfpm-q4f7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17dc-5ubt-g3e1
1
url VCID-18zg-q45k-d3f3
vulnerability_id VCID-18zg-q45k-d3f3
summary n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33751
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05308
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33751
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33751
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33751
3
reference_url https://github.com/advisories/GHSA-w83q-mcmx-mh42
reference_id GHSA-w83q-mcmx-mh42
reference_type
scores
url https://github.com/advisories/GHSA-w83q-mcmx-mh42
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42
reference_id GHSA-w83q-mcmx-mh42
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:10:55Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42
fixed_packages
0
url pkg:npm/n8n@1.123.27
purl pkg:npm/n8n@1.123.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-39dw-4b5k-1bae
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-4crt-c14t-53dq
5
vulnerability VCID-krxn-r6bc-cffu
6
vulnerability VCID-nhbw-hcq1-b3em
7
vulnerability VCID-nva1-tjfr-ckb5
8
vulnerability VCID-rq3f-24px-ykfk
9
vulnerability VCID-su1t-s9q1-h7am
10
vulnerability VCID-v4ft-nvxq-cyhy
11
vulnerability VCID-wte4-73wa-53fx
12
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27
1
url pkg:npm/n8n@2.13.3
purl pkg:npm/n8n@2.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3
2
url pkg:npm/n8n@2.14.1
purl pkg:npm/n8n@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1
aliases CVE-2026-33751, GHSA-w83q-mcmx-mh42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18zg-q45k-d3f3
2
url VCID-1rt1-y3w9-skc7
vulnerability_id VCID-1rt1-y3w9-skc7
summary
n8n has XSS in its Credential Management Flow
## Impact
An authenticated user with permission to create and share credentials could craft a malicious OAuth2 credential containing a JavaScript URL in the Authorization URL field. If a victim opened the credential and interacted with the OAuth authorization button, the injected script would execute in their browser session.

## Patches
The issue has been fixed in n8n versions 2.8.0 and 2.6.4. Users should upgrade to one of these versions or later to remediate the vulnerability.

## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit credential creation and sharing permissions to fully trusted users only.
- Restrict access to the n8n instance to trusted users only.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-364x-8g5j-x2pr
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-364x-8g5j-x2pr
2
reference_url https://github.com/advisories/GHSA-364x-8g5j-x2pr
reference_id GHSA-364x-8g5j-x2pr
reference_type
scores
url https://github.com/advisories/GHSA-364x-8g5j-x2pr
fixed_packages
0
url pkg:npm/n8n@2.6.4
purl pkg:npm/n8n@2.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-6xm5-7kq2-xqdm
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-95f5-4xkw-yuae
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-cyxm-4jde-myc1
10
vulnerability VCID-d5bn-f87r-vka1
11
vulnerability VCID-dm6y-ymh9-u3cm
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-g3sy-n7qb-kqat
14
vulnerability VCID-krxn-r6bc-cffu
15
vulnerability VCID-nhbw-hcq1-b3em
16
vulnerability VCID-nva1-tjfr-ckb5
17
vulnerability VCID-p2w8-9t9n-7baw
18
vulnerability VCID-qrf6-n324-ybbj
19
vulnerability VCID-r89t-ywcr-kbev
20
vulnerability VCID-ra9y-br8w-k7au
21
vulnerability VCID-rq3f-24px-ykfk
22
vulnerability VCID-s8p4-nts1-2fh2
23
vulnerability VCID-su1t-s9q1-h7am
24
vulnerability VCID-ty34-7aqe-27gv
25
vulnerability VCID-ubn7-w3vz-hqgb
26
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.6.4
1
url pkg:npm/n8n@2.8.0
purl pkg:npm/n8n@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-6xm5-7kq2-xqdm
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-95f5-4xkw-yuae
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-cyxm-4jde-myc1
10
vulnerability VCID-dm6y-ymh9-u3cm
11
vulnerability VCID-f8r2-7ab1-w3d8
12
vulnerability VCID-g3sy-n7qb-kqat
13
vulnerability VCID-krxn-r6bc-cffu
14
vulnerability VCID-nhbw-hcq1-b3em
15
vulnerability VCID-nva1-tjfr-ckb5
16
vulnerability VCID-p2w8-9t9n-7baw
17
vulnerability VCID-qrf6-n324-ybbj
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-ra9y-br8w-k7au
20
vulnerability VCID-rq3f-24px-ykfk
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-ubn7-w3vz-hqgb
24
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.8.0
aliases GHSA-364x-8g5j-x2pr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rt1-y3w9-skc7
3
url VCID-2kxv-vwc7-3ubf
vulnerability_id VCID-2kxv-vwc7-3ubf
summary
n8n: Authenticated XSS and Open Redirect via Form Node
## Impact
An authenticated user with permission to create or modify workflows could configure a Form Node with an unsanitized HTML description field or exploit an overly permissive iframe sandbox policy to perform stored cross-site scripting or redirect end users visiting the form to an arbitrary external URL. The vulnerability could be used to facilitate phishing attacks.

## Patches
The issue has been fixed in n8n versions 1.123.24, 2.10.4 and 2.12.0. Users should upgrade to one of these versions or later to remediate the vulnerability.

## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable.
- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c
2
reference_url https://github.com/advisories/GHSA-w673-8fjw-457c
reference_id GHSA-w673-8fjw-457c
reference_type
scores
url https://github.com/advisories/GHSA-w673-8fjw-457c
fixed_packages
0
url pkg:npm/n8n@1.123.24
purl pkg:npm/n8n@1.123.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-39dw-4b5k-1bae
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-4crt-c14t-53dq
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-78yr-xz2p-rkff
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-f8r2-7ab1-w3d8
12
vulnerability VCID-krxn-r6bc-cffu
13
vulnerability VCID-nhbw-hcq1-b3em
14
vulnerability VCID-nva1-tjfr-ckb5
15
vulnerability VCID-r89t-ywcr-kbev
16
vulnerability VCID-rq3f-24px-ykfk
17
vulnerability VCID-su1t-s9q1-h7am
18
vulnerability VCID-ty34-7aqe-27gv
19
vulnerability VCID-umut-3bp5-y3eq
20
vulnerability VCID-v4ft-nvxq-cyhy
21
vulnerability VCID-wte4-73wa-53fx
22
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.24
1
url pkg:npm/n8n@2.10.4
purl pkg:npm/n8n@2.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-456j-q8xt-57e3
3
vulnerability VCID-6pzv-3t6r-akeq
4
vulnerability VCID-78yr-xz2p-rkff
5
vulnerability VCID-camv-m2tf-qkac
6
vulnerability VCID-f8r2-7ab1-w3d8
7
vulnerability VCID-krxn-r6bc-cffu
8
vulnerability VCID-nhbw-hcq1-b3em
9
vulnerability VCID-nva1-tjfr-ckb5
10
vulnerability VCID-r89t-ywcr-kbev
11
vulnerability VCID-rq3f-24px-ykfk
12
vulnerability VCID-su1t-s9q1-h7am
13
vulnerability VCID-ty34-7aqe-27gv
14
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.4
2
url pkg:npm/n8n@2.12.0
purl pkg:npm/n8n@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-456j-q8xt-57e3
3
vulnerability VCID-6pzv-3t6r-akeq
4
vulnerability VCID-78yr-xz2p-rkff
5
vulnerability VCID-camv-m2tf-qkac
6
vulnerability VCID-f8r2-7ab1-w3d8
7
vulnerability VCID-krxn-r6bc-cffu
8
vulnerability VCID-nhbw-hcq1-b3em
9
vulnerability VCID-nva1-tjfr-ckb5
10
vulnerability VCID-rq3f-24px-ykfk
11
vulnerability VCID-su1t-s9q1-h7am
12
vulnerability VCID-ty34-7aqe-27gv
13
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.12.0
aliases GHSA-w673-8fjw-457c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2kxv-vwc7-3ubf
4
url VCID-39dw-4b5k-1bae
vulnerability_id VCID-39dw-4b5k-1bae
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42232
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.45037
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42232
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42232
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42232
3
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r
reference_id GHSA-hqr4-h3xv-9m3r
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-04T19:41:11Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42232, GHSA-hqr4-h3xv-9m3r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39dw-4b5k-1bae
5
url VCID-3p4c-nkcn-hkey
vulnerability_id VCID-3p4c-nkcn-hkey
summary n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use the task runner based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68668
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10857
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68668
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68668
reference_id CVE-2025-68668
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68668
3
reference_url https://www.smartkeyss.com/post/cve-2025-68668-breaking-out-of-the-python-sandbox-in-n8n
reference_id CVE-2025-68668-BREAKING-OUT-OF-THE-PYTHON-SANDBOX-IN-N8N
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.smartkeyss.com/post/cve-2025-68668-breaking-out-of-the-python-sandbox-in-n8n
4
reference_url https://github.com/advisories/GHSA-62r4-hw23-cc8v
reference_id GHSA-62r4-hw23-cc8v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62r4-hw23-cc8v
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v
reference_id GHSA-62r4-hw23-cc8v
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-26T21:54:21Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v
fixed_packages
0
url pkg:npm/n8n@2.0.0
purl pkg:npm/n8n@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-5pjr-smm2-pyav
7
vulnerability VCID-6pzv-3t6r-akeq
8
vulnerability VCID-6xm5-7kq2-xqdm
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-95f5-4xkw-yuae
11
vulnerability VCID-9bcs-wgnz-m3e8
12
vulnerability VCID-c4s3-zx71-c7h3
13
vulnerability VCID-camv-m2tf-qkac
14
vulnerability VCID-cxss-9g41-gfb7
15
vulnerability VCID-cyxm-4jde-myc1
16
vulnerability VCID-d1rq-nmws-w3fy
17
vulnerability VCID-d5bn-f87r-vka1
18
vulnerability VCID-d5s2-xbfd-ukg7
19
vulnerability VCID-d763-b5fk-g3dm
20
vulnerability VCID-dm6y-ymh9-u3cm
21
vulnerability VCID-f8r2-7ab1-w3d8
22
vulnerability VCID-fuvy-21q8-fyhh
23
vulnerability VCID-g3sy-n7qb-kqat
24
vulnerability VCID-h9zv-wu1v-83ft
25
vulnerability VCID-krxn-r6bc-cffu
26
vulnerability VCID-ktyh-c1au-6yc7
27
vulnerability VCID-nhbw-hcq1-b3em
28
vulnerability VCID-nva1-tjfr-ckb5
29
vulnerability VCID-p2w8-9t9n-7baw
30
vulnerability VCID-qrf6-n324-ybbj
31
vulnerability VCID-r89t-ywcr-kbev
32
vulnerability VCID-ra9y-br8w-k7au
33
vulnerability VCID-rq3f-24px-ykfk
34
vulnerability VCID-s86a-mpj9-dfhg
35
vulnerability VCID-s8p4-nts1-2fh2
36
vulnerability VCID-su1t-s9q1-h7am
37
vulnerability VCID-ty34-7aqe-27gv
38
vulnerability VCID-ubn7-w3vz-hqgb
39
vulnerability VCID-umut-3bp5-y3eq
40
vulnerability VCID-v6z9-pvhr-k7d2
41
vulnerability VCID-wbd6-q158-8khm
42
vulnerability VCID-wg96-fujy-33db
43
vulnerability VCID-xf7g-p8s2-rqbj
44
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0
aliases CVE-2025-68668, GHSA-62r4-hw23-cc8v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3p4c-nkcn-hkey
6
url VCID-456j-q8xt-57e3
vulnerability_id VCID-456j-q8xt-57e3
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42233
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19896
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42233
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42233
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42233
3
reference_url https://github.com/advisories/GHSA-r6jc-mpqw-m755
reference_id GHSA-r6jc-mpqw-m755
reference_type
scores
url https://github.com/advisories/GHSA-r6jc-mpqw-m755
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755
reference_id GHSA-r6jc-mpqw-m755
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:55Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42233, GHSA-r6jc-mpqw-m755
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-456j-q8xt-57e3
7
url VCID-4crt-c14t-53dq
vulnerability_id VCID-4crt-c14t-53dq
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42235
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29789
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42235
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42235
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42235
3
reference_url https://github.com/advisories/GHSA-537j-gqpc-p7fq
reference_id GHSA-537j-gqpc-p7fq
reference_type
scores
url https://github.com/advisories/GHSA-537j-gqpc-p7fq
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-537j-gqpc-p7fq
reference_id GHSA-537j-gqpc-p7fq
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:39:57Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-537j-gqpc-p7fq
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42235, GHSA-537j-gqpc-p7fq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4crt-c14t-53dq
8
url VCID-5c7w-mba9-mucn
vulnerability_id VCID-5c7w-mba9-mucn
summary n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21877
reference_id
reference_type
scores
0
value 0.05899
scoring_system epss
scoring_elements 0.90808
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21877
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21877
reference_id CVE-2026-21877
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-21877
3
reference_url https://github.com/n8n-io/n8n/commit/f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6
reference_id f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-08T18:59:03Z/
url https://github.com/n8n-io/n8n/commit/f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6
4
reference_url https://github.com/advisories/GHSA-v364-rw7m-3263
reference_id GHSA-v364-rw7m-3263
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v364-rw7m-3263
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263
reference_id GHSA-v364-rw7m-3263
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-08T18:59:03Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263
fixed_packages
0
url pkg:npm/n8n@1.121.3
purl pkg:npm/n8n@1.121.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5fsf-m3s8-pfg2
9
vulnerability VCID-5pjr-smm2-pyav
10
vulnerability VCID-6pzv-3t6r-akeq
11
vulnerability VCID-6xm5-7kq2-xqdm
12
vulnerability VCID-78yr-xz2p-rkff
13
vulnerability VCID-95f5-4xkw-yuae
14
vulnerability VCID-9bcs-wgnz-m3e8
15
vulnerability VCID-c4s3-zx71-c7h3
16
vulnerability VCID-camv-m2tf-qkac
17
vulnerability VCID-cxss-9g41-gfb7
18
vulnerability VCID-cy8m-aw8f-zkfx
19
vulnerability VCID-cyxm-4jde-myc1
20
vulnerability VCID-d1rq-nmws-w3fy
21
vulnerability VCID-d5bn-f87r-vka1
22
vulnerability VCID-d5s2-xbfd-ukg7
23
vulnerability VCID-d763-b5fk-g3dm
24
vulnerability VCID-dm6y-ymh9-u3cm
25
vulnerability VCID-e1c6-5sck-8bas
26
vulnerability VCID-f8r2-7ab1-w3d8
27
vulnerability VCID-fuvy-21q8-fyhh
28
vulnerability VCID-g3sy-n7qb-kqat
29
vulnerability VCID-h9zv-wu1v-83ft
30
vulnerability VCID-krxn-r6bc-cffu
31
vulnerability VCID-ktyh-c1au-6yc7
32
vulnerability VCID-nhbw-hcq1-b3em
33
vulnerability VCID-nva1-tjfr-ckb5
34
vulnerability VCID-p2w8-9t9n-7baw
35
vulnerability VCID-qrf6-n324-ybbj
36
vulnerability VCID-r89t-ywcr-kbev
37
vulnerability VCID-ra9y-br8w-k7au
38
vulnerability VCID-rq3f-24px-ykfk
39
vulnerability VCID-s8p4-nts1-2fh2
40
vulnerability VCID-su1t-s9q1-h7am
41
vulnerability VCID-ty34-7aqe-27gv
42
vulnerability VCID-ubn7-w3vz-hqgb
43
vulnerability VCID-umut-3bp5-y3eq
44
vulnerability VCID-v4ft-nvxq-cyhy
45
vulnerability VCID-v6z9-pvhr-k7d2
46
vulnerability VCID-wbd6-q158-8khm
47
vulnerability VCID-wg96-fujy-33db
48
vulnerability VCID-wte4-73wa-53fx
49
vulnerability VCID-x1jy-nk1c-6uak
50
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.121.3
aliases CVE-2026-21877, GHSA-v364-rw7m-3263
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5c7w-mba9-mucn
9
url VCID-5fsf-m3s8-pfg2
vulnerability_id VCID-5fsf-m3s8-pfg2
summary n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the `externalSecret:list` permission check and allowed access to secrets stored in connected vaults without admin or owner privileges. This issue requires the instance to have an external secrets vault configured. The attacker must know or be able to guess the name of a target secret. The issue has been fixed in n8n versions 1.123.23 and 2.6.4. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Restrict n8n access to fully trusted users only, and/or disable external secrets integration until the patch can be applied. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33722
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04474
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33722
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33722
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33722
3
reference_url https://github.com/advisories/GHSA-fxcw-h3qj-8m8p
reference_id GHSA-fxcw-h3qj-8m8p
reference_type
scores
url https://github.com/advisories/GHSA-fxcw-h3qj-8m8p
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-fxcw-h3qj-8m8p
reference_id GHSA-fxcw-h3qj-8m8p
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-28T01:28:29Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-fxcw-h3qj-8m8p
fixed_packages
0
url pkg:npm/n8n@1.123.23
purl pkg:npm/n8n@1.123.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-6pzv-3t6r-akeq
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-camv-m2tf-qkac
10
vulnerability VCID-d5bn-f87r-vka1
11
vulnerability VCID-d763-b5fk-g3dm
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-krxn-r6bc-cffu
14
vulnerability VCID-nhbw-hcq1-b3em
15
vulnerability VCID-nva1-tjfr-ckb5
16
vulnerability VCID-r89t-ywcr-kbev
17
vulnerability VCID-rq3f-24px-ykfk
18
vulnerability VCID-su1t-s9q1-h7am
19
vulnerability VCID-ty34-7aqe-27gv
20
vulnerability VCID-umut-3bp5-y3eq
21
vulnerability VCID-v4ft-nvxq-cyhy
22
vulnerability VCID-wte4-73wa-53fx
23
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.23
1
url pkg:npm/n8n@2.6.4
purl pkg:npm/n8n@2.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-6xm5-7kq2-xqdm
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-95f5-4xkw-yuae
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-cyxm-4jde-myc1
10
vulnerability VCID-d5bn-f87r-vka1
11
vulnerability VCID-dm6y-ymh9-u3cm
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-g3sy-n7qb-kqat
14
vulnerability VCID-krxn-r6bc-cffu
15
vulnerability VCID-nhbw-hcq1-b3em
16
vulnerability VCID-nva1-tjfr-ckb5
17
vulnerability VCID-p2w8-9t9n-7baw
18
vulnerability VCID-qrf6-n324-ybbj
19
vulnerability VCID-r89t-ywcr-kbev
20
vulnerability VCID-ra9y-br8w-k7au
21
vulnerability VCID-rq3f-24px-ykfk
22
vulnerability VCID-s8p4-nts1-2fh2
23
vulnerability VCID-su1t-s9q1-h7am
24
vulnerability VCID-ty34-7aqe-27gv
25
vulnerability VCID-ubn7-w3vz-hqgb
26
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.6.4
aliases CVE-2026-33722, GHSA-fxcw-h3qj-8m8p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5fsf-m3s8-pfg2
10
url VCID-5pjr-smm2-pyav
vulnerability_id VCID-5pjr-smm2-pyav
summary n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25054
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03977
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25054
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25054
reference_id CVE-2026-25054
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25054
3
reference_url https://github.com/advisories/GHSA-qpq4-pw7f-pp8w
reference_id GHSA-qpq4-pw7f-pp8w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpq4-pw7f-pp8w
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-qpq4-pw7f-pp8w
reference_id GHSA-qpq4-pw7f-pp8w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:21Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-qpq4-pw7f-pp8w
fixed_packages
0
url pkg:npm/n8n@1.123.9
purl pkg:npm/n8n@1.123.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5fsf-m3s8-pfg2
9
vulnerability VCID-6pzv-3t6r-akeq
10
vulnerability VCID-6xm5-7kq2-xqdm
11
vulnerability VCID-78yr-xz2p-rkff
12
vulnerability VCID-95f5-4xkw-yuae
13
vulnerability VCID-9bcs-wgnz-m3e8
14
vulnerability VCID-c4s3-zx71-c7h3
15
vulnerability VCID-camv-m2tf-qkac
16
vulnerability VCID-cxss-9g41-gfb7
17
vulnerability VCID-cyxm-4jde-myc1
18
vulnerability VCID-d1rq-nmws-w3fy
19
vulnerability VCID-d5bn-f87r-vka1
20
vulnerability VCID-d5s2-xbfd-ukg7
21
vulnerability VCID-d763-b5fk-g3dm
22
vulnerability VCID-dm6y-ymh9-u3cm
23
vulnerability VCID-e1c6-5sck-8bas
24
vulnerability VCID-f8r2-7ab1-w3d8
25
vulnerability VCID-g3sy-n7qb-kqat
26
vulnerability VCID-h9zv-wu1v-83ft
27
vulnerability VCID-krxn-r6bc-cffu
28
vulnerability VCID-ktyh-c1au-6yc7
29
vulnerability VCID-nhbw-hcq1-b3em
30
vulnerability VCID-nva1-tjfr-ckb5
31
vulnerability VCID-p2w8-9t9n-7baw
32
vulnerability VCID-qrf6-n324-ybbj
33
vulnerability VCID-r89t-ywcr-kbev
34
vulnerability VCID-ra9y-br8w-k7au
35
vulnerability VCID-rq3f-24px-ykfk
36
vulnerability VCID-s8p4-nts1-2fh2
37
vulnerability VCID-su1t-s9q1-h7am
38
vulnerability VCID-ty34-7aqe-27gv
39
vulnerability VCID-ubn7-w3vz-hqgb
40
vulnerability VCID-umut-3bp5-y3eq
41
vulnerability VCID-v4ft-nvxq-cyhy
42
vulnerability VCID-v6z9-pvhr-k7d2
43
vulnerability VCID-wbd6-q158-8khm
44
vulnerability VCID-wg96-fujy-33db
45
vulnerability VCID-wte4-73wa-53fx
46
vulnerability VCID-x1jy-nk1c-6uak
47
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.9
1
url pkg:npm/n8n@2.2.1
purl pkg:npm/n8n@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cxss-9g41-gfb7
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d5s2-xbfd-ukg7
18
vulnerability VCID-d763-b5fk-g3dm
19
vulnerability VCID-dm6y-ymh9-u3cm
20
vulnerability VCID-f8r2-7ab1-w3d8
21
vulnerability VCID-g3sy-n7qb-kqat
22
vulnerability VCID-krxn-r6bc-cffu
23
vulnerability VCID-ktyh-c1au-6yc7
24
vulnerability VCID-nhbw-hcq1-b3em
25
vulnerability VCID-nva1-tjfr-ckb5
26
vulnerability VCID-p2w8-9t9n-7baw
27
vulnerability VCID-qrf6-n324-ybbj
28
vulnerability VCID-r89t-ywcr-kbev
29
vulnerability VCID-ra9y-br8w-k7au
30
vulnerability VCID-rq3f-24px-ykfk
31
vulnerability VCID-s86a-mpj9-dfhg
32
vulnerability VCID-s8p4-nts1-2fh2
33
vulnerability VCID-su1t-s9q1-h7am
34
vulnerability VCID-ty34-7aqe-27gv
35
vulnerability VCID-ubn7-w3vz-hqgb
36
vulnerability VCID-umut-3bp5-y3eq
37
vulnerability VCID-v6z9-pvhr-k7d2
38
vulnerability VCID-wbd6-q158-8khm
39
vulnerability VCID-wg96-fujy-33db
40
vulnerability VCID-xf7g-p8s2-rqbj
41
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.2.1
aliases CVE-2026-25054, GHSA-qpq4-pw7f-pp8w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pjr-smm2-pyav
11
url VCID-63n8-hy1m-3ke5
vulnerability_id VCID-63n8-hy1m-3ke5
summary n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21893
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48668
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21893
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838
reference_id ae0669a736cc496beeb296e115267862727ae838
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T19:33:16Z/
url https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21893
reference_id CVE-2026-21893
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21893
4
reference_url https://github.com/advisories/GHSA-7c4h-vh2m-743m
reference_id GHSA-7c4h-vh2m-743m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7c4h-vh2m-743m
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m
reference_id GHSA-7c4h-vh2m-743m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T19:33:16Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m
fixed_packages
0
url pkg:npm/n8n@1.120.3
purl pkg:npm/n8n@1.120.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-6pzv-3t6r-akeq
12
vulnerability VCID-6xm5-7kq2-xqdm
13
vulnerability VCID-78yr-xz2p-rkff
14
vulnerability VCID-95f5-4xkw-yuae
15
vulnerability VCID-9bcs-wgnz-m3e8
16
vulnerability VCID-b5ba-g4u9-jkgx
17
vulnerability VCID-c4s3-zx71-c7h3
18
vulnerability VCID-camv-m2tf-qkac
19
vulnerability VCID-cxss-9g41-gfb7
20
vulnerability VCID-cy8m-aw8f-zkfx
21
vulnerability VCID-cyxm-4jde-myc1
22
vulnerability VCID-d1rq-nmws-w3fy
23
vulnerability VCID-d5bn-f87r-vka1
24
vulnerability VCID-d5s2-xbfd-ukg7
25
vulnerability VCID-d763-b5fk-g3dm
26
vulnerability VCID-d7g4-89n1-y7e7
27
vulnerability VCID-dm6y-ymh9-u3cm
28
vulnerability VCID-e1c6-5sck-8bas
29
vulnerability VCID-f8r2-7ab1-w3d8
30
vulnerability VCID-fuvy-21q8-fyhh
31
vulnerability VCID-g3sy-n7qb-kqat
32
vulnerability VCID-h9zv-wu1v-83ft
33
vulnerability VCID-krxn-r6bc-cffu
34
vulnerability VCID-ktyh-c1au-6yc7
35
vulnerability VCID-nhbw-hcq1-b3em
36
vulnerability VCID-nva1-tjfr-ckb5
37
vulnerability VCID-p2w8-9t9n-7baw
38
vulnerability VCID-qkka-4nty-sqh1
39
vulnerability VCID-qrf6-n324-ybbj
40
vulnerability VCID-r89t-ywcr-kbev
41
vulnerability VCID-ra9y-br8w-k7au
42
vulnerability VCID-rq3f-24px-ykfk
43
vulnerability VCID-s8p4-nts1-2fh2
44
vulnerability VCID-su1t-s9q1-h7am
45
vulnerability VCID-ty34-7aqe-27gv
46
vulnerability VCID-ubn7-w3vz-hqgb
47
vulnerability VCID-umut-3bp5-y3eq
48
vulnerability VCID-v4ft-nvxq-cyhy
49
vulnerability VCID-v6z9-pvhr-k7d2
50
vulnerability VCID-wbd6-q158-8khm
51
vulnerability VCID-wg96-fujy-33db
52
vulnerability VCID-wte4-73wa-53fx
53
vulnerability VCID-x1jy-nk1c-6uak
54
vulnerability VCID-xf7g-p8s2-rqbj
55
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.120.3
aliases CVE-2026-21893, GHSA-7c4h-vh2m-743m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63n8-hy1m-3ke5
12
url VCID-6pzv-3t6r-akeq
vulnerability_id VCID-6pzv-3t6r-akeq
summary n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33696
reference_id
reference_type
scores
0
value 0.0021
scoring_system epss
scoring_elements 0.43526
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33696
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33696
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33696
3
reference_url https://github.com/advisories/GHSA-mxrg-77hm-89hv
reference_id GHSA-mxrg-77hm-89hv
reference_type
scores
url https://github.com/advisories/GHSA-mxrg-77hm-89hv
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv
reference_id GHSA-mxrg-77hm-89hv
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T20:08:10Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv
fixed_packages
0
url pkg:npm/n8n@1.123.27
purl pkg:npm/n8n@1.123.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-39dw-4b5k-1bae
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-4crt-c14t-53dq
5
vulnerability VCID-krxn-r6bc-cffu
6
vulnerability VCID-nhbw-hcq1-b3em
7
vulnerability VCID-nva1-tjfr-ckb5
8
vulnerability VCID-rq3f-24px-ykfk
9
vulnerability VCID-su1t-s9q1-h7am
10
vulnerability VCID-v4ft-nvxq-cyhy
11
vulnerability VCID-wte4-73wa-53fx
12
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27
1
url pkg:npm/n8n@2.13.3
purl pkg:npm/n8n@2.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3
2
url pkg:npm/n8n@2.14.1
purl pkg:npm/n8n@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1
aliases CVE-2026-33696, GHSA-mxrg-77hm-89hv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pzv-3t6r-akeq
13
url VCID-6xm5-7kq2-xqdm
vulnerability_id VCID-6xm5-7kq2-xqdm
summary n8n has an Authentication Bypass in its Chat Trigger Node
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a
2
reference_url https://github.com/advisories/GHSA-jh8h-6c9q-7gmw
reference_id GHSA-jh8h-6c9q-7gmw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh8h-6c9q-7gmw
3
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw
reference_id GHSA-jh8h-6c9q-7gmw
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
2
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases GHSA-jh8h-6c9q-7gmw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xm5-7kq2-xqdm
14
url VCID-727u-nmx9-xuf3
vulnerability_id VCID-727u-nmx9-xuf3
summary n8n is a workflow automation platform. Prior to version 1.99.0, there is a Denial of Service vulnerability in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, affecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49595
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52985
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49595
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49595
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49595
3
reference_url https://github.com/n8n-io/n8n/pull/16229
reference_id 16229
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T13:10:37Z/
url https://github.com/n8n-io/n8n/pull/16229
4
reference_url https://github.com/n8n-io/n8n/commit/43c52a8b4f844e91b02e3cc9df92826a2d7b6052
reference_id 43c52a8b4f844e91b02e3cc9df92826a2d7b6052
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T13:10:37Z/
url https://github.com/n8n-io/n8n/commit/43c52a8b4f844e91b02e3cc9df92826a2d7b6052
5
reference_url https://github.com/advisories/GHSA-pr9r-gxgp-9rm8
reference_id GHSA-pr9r-gxgp-9rm8
reference_type
scores
url https://github.com/advisories/GHSA-pr9r-gxgp-9rm8
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-pr9r-gxgp-9rm8
reference_id GHSA-pr9r-gxgp-9rm8
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T13:10:37Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-pr9r-gxgp-9rm8
fixed_packages
0
url pkg:npm/n8n@1.99.0
purl pkg:npm/n8n@1.99.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5mhm-99u3-ruec
11
vulnerability VCID-5pjr-smm2-pyav
12
vulnerability VCID-63n8-hy1m-3ke5
13
vulnerability VCID-6pzv-3t6r-akeq
14
vulnerability VCID-6xm5-7kq2-xqdm
15
vulnerability VCID-78yr-xz2p-rkff
16
vulnerability VCID-95f5-4xkw-yuae
17
vulnerability VCID-9bcs-wgnz-m3e8
18
vulnerability VCID-b5ba-g4u9-jkgx
19
vulnerability VCID-c232-fvfd-3fda
20
vulnerability VCID-c4s3-zx71-c7h3
21
vulnerability VCID-camv-m2tf-qkac
22
vulnerability VCID-cxss-9g41-gfb7
23
vulnerability VCID-cy8m-aw8f-zkfx
24
vulnerability VCID-cyxm-4jde-myc1
25
vulnerability VCID-d1rq-nmws-w3fy
26
vulnerability VCID-d5bn-f87r-vka1
27
vulnerability VCID-d5s2-xbfd-ukg7
28
vulnerability VCID-d763-b5fk-g3dm
29
vulnerability VCID-d7g4-89n1-y7e7
30
vulnerability VCID-dm6y-ymh9-u3cm
31
vulnerability VCID-e1c6-5sck-8bas
32
vulnerability VCID-et9c-dh4q-3qcy
33
vulnerability VCID-f8r2-7ab1-w3d8
34
vulnerability VCID-fuvy-21q8-fyhh
35
vulnerability VCID-g3sy-n7qb-kqat
36
vulnerability VCID-h9zv-wu1v-83ft
37
vulnerability VCID-krxn-r6bc-cffu
38
vulnerability VCID-ktyh-c1au-6yc7
39
vulnerability VCID-kw94-d9qx-3qf9
40
vulnerability VCID-nh3d-mzxr-j7dy
41
vulnerability VCID-nhbw-hcq1-b3em
42
vulnerability VCID-nva1-tjfr-ckb5
43
vulnerability VCID-p2w8-9t9n-7baw
44
vulnerability VCID-qkka-4nty-sqh1
45
vulnerability VCID-qrf6-n324-ybbj
46
vulnerability VCID-r89t-ywcr-kbev
47
vulnerability VCID-ra9y-br8w-k7au
48
vulnerability VCID-rq3f-24px-ykfk
49
vulnerability VCID-s86a-mpj9-dfhg
50
vulnerability VCID-s8p4-nts1-2fh2
51
vulnerability VCID-st8g-2xn4-97b9
52
vulnerability VCID-su1t-s9q1-h7am
53
vulnerability VCID-ty34-7aqe-27gv
54
vulnerability VCID-ubn7-w3vz-hqgb
55
vulnerability VCID-umut-3bp5-y3eq
56
vulnerability VCID-v4ft-nvxq-cyhy
57
vulnerability VCID-v6z9-pvhr-k7d2
58
vulnerability VCID-vht4-48cx-c7gu
59
vulnerability VCID-wbd6-q158-8khm
60
vulnerability VCID-wg96-fujy-33db
61
vulnerability VCID-wte4-73wa-53fx
62
vulnerability VCID-x1jy-nk1c-6uak
63
vulnerability VCID-xf7g-p8s2-rqbj
64
vulnerability VCID-xnnq-fzcn-7fbg
65
vulnerability VCID-xsuv-1w6k-akeu
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.99.0
aliases CVE-2025-49595, GHSA-pr9r-gxgp-9rm8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-727u-nmx9-xuf3
15
url VCID-78yr-xz2p-rkff
vulnerability_id VCID-78yr-xz2p-rkff
summary n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33660
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23658
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33660
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33660
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33660
3
reference_url https://github.com/advisories/GHSA-58qr-rcgv-642v
reference_id GHSA-58qr-rcgv-642v
reference_type
scores
url https://github.com/advisories/GHSA-58qr-rcgv-642v
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v
reference_id GHSA-58qr-rcgv-642v
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-28T01:26:07Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v
fixed_packages
0
url pkg:npm/n8n@1.123.27
purl pkg:npm/n8n@1.123.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-39dw-4b5k-1bae
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-4crt-c14t-53dq
5
vulnerability VCID-krxn-r6bc-cffu
6
vulnerability VCID-nhbw-hcq1-b3em
7
vulnerability VCID-nva1-tjfr-ckb5
8
vulnerability VCID-rq3f-24px-ykfk
9
vulnerability VCID-su1t-s9q1-h7am
10
vulnerability VCID-v4ft-nvxq-cyhy
11
vulnerability VCID-wte4-73wa-53fx
12
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27
1
url pkg:npm/n8n@2.13.3
purl pkg:npm/n8n@2.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3
2
url pkg:npm/n8n@2.14.1
purl pkg:npm/n8n@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1
aliases CVE-2026-33660, GHSA-58qr-rcgv-642v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78yr-xz2p-rkff
16
url VCID-95f5-4xkw-yuae
vulnerability_id VCID-95f5-4xkw-yuae
summary n8n Vulnerable to Stored XSS via Various Nodes
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27578
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09942
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27578
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27578
reference_id CVE-2026-27578
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27578
4
reference_url https://github.com/advisories/GHSA-2p9h-rqjw-gm92
reference_id GHSA-2p9h-rqjw-gm92
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2p9h-rqjw-gm92
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92
reference_id GHSA-2p9h-rqjw-gm92
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.0.0-rc.0
purl pkg:npm/n8n@2.0.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18zg-q45k-d3f3
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-3p4c-nkcn-hkey
4
vulnerability VCID-5fsf-m3s8-pfg2
5
vulnerability VCID-6pzv-3t6r-akeq
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-camv-m2tf-qkac
8
vulnerability VCID-cyxm-4jde-myc1
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-e1c6-5sck-8bas
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-h9zv-wu1v-83ft
14
vulnerability VCID-r89t-ywcr-kbev
15
vulnerability VCID-ra9y-br8w-k7au
16
vulnerability VCID-s8p4-nts1-2fh2
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-umut-3bp5-y3eq
19
vulnerability VCID-v6z9-pvhr-k7d2
20
vulnerability VCID-wbd6-q158-8khm
21
vulnerability VCID-wg96-fujy-33db
22
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0
2
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
3
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases CVE-2026-27578, GHSA-2p9h-rqjw-gm92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95f5-4xkw-yuae
17
url VCID-9bcs-wgnz-m3e8
vulnerability_id VCID-9bcs-wgnz-m3e8
summary n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25052
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06479
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25052
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25052
reference_id CVE-2026-25052
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25052
3
reference_url https://github.com/advisories/GHSA-gfvg-qv54-r4pc
reference_id GHSA-gfvg-qv54-r4pc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfvg-qv54-r4pc
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc
reference_id GHSA-gfvg-qv54-r4pc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:20Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc
fixed_packages
0
url pkg:npm/n8n@1.123.18
purl pkg:npm/n8n@1.123.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-6xm5-7kq2-xqdm
10
vulnerability VCID-78yr-xz2p-rkff
11
vulnerability VCID-95f5-4xkw-yuae
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cyxm-4jde-myc1
14
vulnerability VCID-d5bn-f87r-vka1
15
vulnerability VCID-d763-b5fk-g3dm
16
vulnerability VCID-dm6y-ymh9-u3cm
17
vulnerability VCID-f8r2-7ab1-w3d8
18
vulnerability VCID-g3sy-n7qb-kqat
19
vulnerability VCID-krxn-r6bc-cffu
20
vulnerability VCID-nhbw-hcq1-b3em
21
vulnerability VCID-nva1-tjfr-ckb5
22
vulnerability VCID-p2w8-9t9n-7baw
23
vulnerability VCID-qrf6-n324-ybbj
24
vulnerability VCID-r89t-ywcr-kbev
25
vulnerability VCID-ra9y-br8w-k7au
26
vulnerability VCID-rq3f-24px-ykfk
27
vulnerability VCID-s8p4-nts1-2fh2
28
vulnerability VCID-su1t-s9q1-h7am
29
vulnerability VCID-ty34-7aqe-27gv
30
vulnerability VCID-ubn7-w3vz-hqgb
31
vulnerability VCID-umut-3bp5-y3eq
32
vulnerability VCID-v4ft-nvxq-cyhy
33
vulnerability VCID-wbd6-q158-8khm
34
vulnerability VCID-wg96-fujy-33db
35
vulnerability VCID-wte4-73wa-53fx
36
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.18
1
url pkg:npm/n8n@2.5.0
purl pkg:npm/n8n@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cxss-9g41-gfb7
12
vulnerability VCID-cyxm-4jde-myc1
13
vulnerability VCID-d1rq-nmws-w3fy
14
vulnerability VCID-d5bn-f87r-vka1
15
vulnerability VCID-d5s2-xbfd-ukg7
16
vulnerability VCID-dm6y-ymh9-u3cm
17
vulnerability VCID-f8r2-7ab1-w3d8
18
vulnerability VCID-g3sy-n7qb-kqat
19
vulnerability VCID-krxn-r6bc-cffu
20
vulnerability VCID-nhbw-hcq1-b3em
21
vulnerability VCID-nva1-tjfr-ckb5
22
vulnerability VCID-p2w8-9t9n-7baw
23
vulnerability VCID-qrf6-n324-ybbj
24
vulnerability VCID-r89t-ywcr-kbev
25
vulnerability VCID-ra9y-br8w-k7au
26
vulnerability VCID-rq3f-24px-ykfk
27
vulnerability VCID-s8p4-nts1-2fh2
28
vulnerability VCID-su1t-s9q1-h7am
29
vulnerability VCID-ty34-7aqe-27gv
30
vulnerability VCID-ubn7-w3vz-hqgb
31
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0
aliases CVE-2026-25052, GHSA-gfvg-qv54-r4pc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bcs-wgnz-m3e8
18
url VCID-b5ba-g4u9-jkgx
vulnerability_id VCID-b5ba-g4u9-jkgx
summary n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68613
reference_id
reference_type
scores
0
value 0.68312
scoring_system epss
scoring_elements 0.98626
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68613
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
3
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613
4
reference_url https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
reference_id 08f332015153decdda3c37ad4fcb9f7ba13a7c79
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/
url https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
5
reference_url https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
reference_id 1c933358acef527ff61466e53268b41a04be1000
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/
url https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
6
reference_url https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
reference_id 39a2d1d60edde89674ca96dcbb3eb076ffff6316
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/
url https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68613
reference_id CVE-2025-68613
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68613
8
reference_url https://github.com/advisories/GHSA-v98v-ff95-f3cp
reference_id GHSA-v98v-ff95-f3cp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v98v-ff95-f3cp
9
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
reference_id GHSA-v98v-ff95-f3cp
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
fixed_packages
0
url pkg:npm/n8n@1.120.4
purl pkg:npm/n8n@1.120.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-6pzv-3t6r-akeq
12
vulnerability VCID-6xm5-7kq2-xqdm
13
vulnerability VCID-78yr-xz2p-rkff
14
vulnerability VCID-95f5-4xkw-yuae
15
vulnerability VCID-9bcs-wgnz-m3e8
16
vulnerability VCID-c4s3-zx71-c7h3
17
vulnerability VCID-camv-m2tf-qkac
18
vulnerability VCID-cxss-9g41-gfb7
19
vulnerability VCID-cy8m-aw8f-zkfx
20
vulnerability VCID-cyxm-4jde-myc1
21
vulnerability VCID-d1rq-nmws-w3fy
22
vulnerability VCID-d5bn-f87r-vka1
23
vulnerability VCID-d5s2-xbfd-ukg7
24
vulnerability VCID-d763-b5fk-g3dm
25
vulnerability VCID-d7g4-89n1-y7e7
26
vulnerability VCID-dm6y-ymh9-u3cm
27
vulnerability VCID-e1c6-5sck-8bas
28
vulnerability VCID-f8r2-7ab1-w3d8
29
vulnerability VCID-fuvy-21q8-fyhh
30
vulnerability VCID-g3sy-n7qb-kqat
31
vulnerability VCID-h9zv-wu1v-83ft
32
vulnerability VCID-krxn-r6bc-cffu
33
vulnerability VCID-ktyh-c1au-6yc7
34
vulnerability VCID-nhbw-hcq1-b3em
35
vulnerability VCID-nva1-tjfr-ckb5
36
vulnerability VCID-p2w8-9t9n-7baw
37
vulnerability VCID-qkka-4nty-sqh1
38
vulnerability VCID-qrf6-n324-ybbj
39
vulnerability VCID-r89t-ywcr-kbev
40
vulnerability VCID-ra9y-br8w-k7au
41
vulnerability VCID-rq3f-24px-ykfk
42
vulnerability VCID-s8p4-nts1-2fh2
43
vulnerability VCID-su1t-s9q1-h7am
44
vulnerability VCID-ty34-7aqe-27gv
45
vulnerability VCID-ubn7-w3vz-hqgb
46
vulnerability VCID-umut-3bp5-y3eq
47
vulnerability VCID-v4ft-nvxq-cyhy
48
vulnerability VCID-v6z9-pvhr-k7d2
49
vulnerability VCID-wbd6-q158-8khm
50
vulnerability VCID-wg96-fujy-33db
51
vulnerability VCID-wte4-73wa-53fx
52
vulnerability VCID-x1jy-nk1c-6uak
53
vulnerability VCID-xf7g-p8s2-rqbj
54
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.120.4
1
url pkg:npm/n8n@1.121.1
purl pkg:npm/n8n@1.121.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-6pzv-3t6r-akeq
12
vulnerability VCID-6xm5-7kq2-xqdm
13
vulnerability VCID-78yr-xz2p-rkff
14
vulnerability VCID-95f5-4xkw-yuae
15
vulnerability VCID-9bcs-wgnz-m3e8
16
vulnerability VCID-c4s3-zx71-c7h3
17
vulnerability VCID-camv-m2tf-qkac
18
vulnerability VCID-cxss-9g41-gfb7
19
vulnerability VCID-cy8m-aw8f-zkfx
20
vulnerability VCID-cyxm-4jde-myc1
21
vulnerability VCID-d1rq-nmws-w3fy
22
vulnerability VCID-d5bn-f87r-vka1
23
vulnerability VCID-d5s2-xbfd-ukg7
24
vulnerability VCID-d763-b5fk-g3dm
25
vulnerability VCID-dm6y-ymh9-u3cm
26
vulnerability VCID-e1c6-5sck-8bas
27
vulnerability VCID-f8r2-7ab1-w3d8
28
vulnerability VCID-fuvy-21q8-fyhh
29
vulnerability VCID-g3sy-n7qb-kqat
30
vulnerability VCID-h9zv-wu1v-83ft
31
vulnerability VCID-krxn-r6bc-cffu
32
vulnerability VCID-ktyh-c1au-6yc7
33
vulnerability VCID-nhbw-hcq1-b3em
34
vulnerability VCID-nva1-tjfr-ckb5
35
vulnerability VCID-p2w8-9t9n-7baw
36
vulnerability VCID-qrf6-n324-ybbj
37
vulnerability VCID-r89t-ywcr-kbev
38
vulnerability VCID-ra9y-br8w-k7au
39
vulnerability VCID-rq3f-24px-ykfk
40
vulnerability VCID-s8p4-nts1-2fh2
41
vulnerability VCID-su1t-s9q1-h7am
42
vulnerability VCID-ty34-7aqe-27gv
43
vulnerability VCID-ubn7-w3vz-hqgb
44
vulnerability VCID-umut-3bp5-y3eq
45
vulnerability VCID-v4ft-nvxq-cyhy
46
vulnerability VCID-v6z9-pvhr-k7d2
47
vulnerability VCID-wbd6-q158-8khm
48
vulnerability VCID-wg96-fujy-33db
49
vulnerability VCID-wte4-73wa-53fx
50
vulnerability VCID-x1jy-nk1c-6uak
51
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.121.1
aliases CVE-2025-68613, GHSA-v98v-ff95-f3cp
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5ba-g4u9-jkgx
19
url VCID-c232-fvfd-3fda
vulnerability_id VCID-c232-fvfd-3fda
summary n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary commands on the n8n host during subsequent Git operations. Exploitation requires the ability to create or modify an n8n workflow using the Git node. This issue is fixed in version 1.119.2. Workarounds include excluding the Git Node (see the n8n documentation on blocking nodes) and avoiding cloning or interacting with untrusted repositories using the Git Node.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65964
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.1024
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65964
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65964
reference_id CVE-2025-65964
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65964
3
reference_url https://github.com/n8n-io/n8n/commit/d5a1171f95f75def5c3ac577707ab913e22aef04
reference_id d5a1171f95f75def5c3ac577707ab913e22aef04
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:18:38Z/
url https://github.com/n8n-io/n8n/commit/d5a1171f95f75def5c3ac577707ab913e22aef04
4
reference_url https://n8n-docs.teamlab.info/hosting/securing/blocking-nodes/#exclude-nodes
reference_id #exclude-nodes
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:18:38Z/
url https://n8n-docs.teamlab.info/hosting/securing/blocking-nodes/#exclude-nodes
5
reference_url https://github.com/advisories/GHSA-wpqc-h9wp-chmq
reference_id GHSA-wpqc-h9wp-chmq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpqc-h9wp-chmq
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-wpqc-h9wp-chmq
reference_id GHSA-wpqc-h9wp-chmq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:18:38Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-wpqc-h9wp-chmq
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n%401.119.2
reference_id n8n%401.119.2
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:18:38Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n%401.119.2
fixed_packages
0
url pkg:npm/n8n@1.119.2
purl pkg:npm/n8n@1.119.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-63n8-hy1m-3ke5
12
vulnerability VCID-6pzv-3t6r-akeq
13
vulnerability VCID-6xm5-7kq2-xqdm
14
vulnerability VCID-78yr-xz2p-rkff
15
vulnerability VCID-95f5-4xkw-yuae
16
vulnerability VCID-9bcs-wgnz-m3e8
17
vulnerability VCID-b5ba-g4u9-jkgx
18
vulnerability VCID-c4s3-zx71-c7h3
19
vulnerability VCID-camv-m2tf-qkac
20
vulnerability VCID-cxss-9g41-gfb7
21
vulnerability VCID-cy8m-aw8f-zkfx
22
vulnerability VCID-cyxm-4jde-myc1
23
vulnerability VCID-d1rq-nmws-w3fy
24
vulnerability VCID-d5bn-f87r-vka1
25
vulnerability VCID-d5s2-xbfd-ukg7
26
vulnerability VCID-d763-b5fk-g3dm
27
vulnerability VCID-d7g4-89n1-y7e7
28
vulnerability VCID-dm6y-ymh9-u3cm
29
vulnerability VCID-e1c6-5sck-8bas
30
vulnerability VCID-f8r2-7ab1-w3d8
31
vulnerability VCID-fuvy-21q8-fyhh
32
vulnerability VCID-g3sy-n7qb-kqat
33
vulnerability VCID-h9zv-wu1v-83ft
34
vulnerability VCID-krxn-r6bc-cffu
35
vulnerability VCID-ktyh-c1au-6yc7
36
vulnerability VCID-nhbw-hcq1-b3em
37
vulnerability VCID-nva1-tjfr-ckb5
38
vulnerability VCID-p2w8-9t9n-7baw
39
vulnerability VCID-qkka-4nty-sqh1
40
vulnerability VCID-qrf6-n324-ybbj
41
vulnerability VCID-r89t-ywcr-kbev
42
vulnerability VCID-ra9y-br8w-k7au
43
vulnerability VCID-rq3f-24px-ykfk
44
vulnerability VCID-s8p4-nts1-2fh2
45
vulnerability VCID-su1t-s9q1-h7am
46
vulnerability VCID-ty34-7aqe-27gv
47
vulnerability VCID-ubn7-w3vz-hqgb
48
vulnerability VCID-umut-3bp5-y3eq
49
vulnerability VCID-v4ft-nvxq-cyhy
50
vulnerability VCID-v6z9-pvhr-k7d2
51
vulnerability VCID-wbd6-q158-8khm
52
vulnerability VCID-wg96-fujy-33db
53
vulnerability VCID-wte4-73wa-53fx
54
vulnerability VCID-x1jy-nk1c-6uak
55
vulnerability VCID-xf7g-p8s2-rqbj
56
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.119.2
aliases CVE-2025-65964, GHSA-wpqc-h9wp-chmq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c232-fvfd-3fda
20
url VCID-c4s3-zx71-c7h3
vulnerability_id VCID-c4s3-zx71-c7h3
summary n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25053
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09532
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25053
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25053
reference_id CVE-2026-25053
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25053
3
reference_url https://github.com/advisories/GHSA-9g95-qf3f-ggrw
reference_id GHSA-9g95-qf3f-ggrw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9g95-qf3f-ggrw
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw
reference_id GHSA-9g95-qf3f-ggrw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:18Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw
fixed_packages
0
url pkg:npm/n8n@1.123.10
purl pkg:npm/n8n@1.123.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-6xm5-7kq2-xqdm
10
vulnerability VCID-78yr-xz2p-rkff
11
vulnerability VCID-95f5-4xkw-yuae
12
vulnerability VCID-9bcs-wgnz-m3e8
13
vulnerability VCID-camv-m2tf-qkac
14
vulnerability VCID-cxss-9g41-gfb7
15
vulnerability VCID-cyxm-4jde-myc1
16
vulnerability VCID-d1rq-nmws-w3fy
17
vulnerability VCID-d5bn-f87r-vka1
18
vulnerability VCID-d5s2-xbfd-ukg7
19
vulnerability VCID-d763-b5fk-g3dm
20
vulnerability VCID-dm6y-ymh9-u3cm
21
vulnerability VCID-f8r2-7ab1-w3d8
22
vulnerability VCID-g3sy-n7qb-kqat
23
vulnerability VCID-h9zv-wu1v-83ft
24
vulnerability VCID-krxn-r6bc-cffu
25
vulnerability VCID-ktyh-c1au-6yc7
26
vulnerability VCID-nhbw-hcq1-b3em
27
vulnerability VCID-nva1-tjfr-ckb5
28
vulnerability VCID-p2w8-9t9n-7baw
29
vulnerability VCID-qrf6-n324-ybbj
30
vulnerability VCID-r89t-ywcr-kbev
31
vulnerability VCID-ra9y-br8w-k7au
32
vulnerability VCID-rq3f-24px-ykfk
33
vulnerability VCID-s8p4-nts1-2fh2
34
vulnerability VCID-su1t-s9q1-h7am
35
vulnerability VCID-ty34-7aqe-27gv
36
vulnerability VCID-ubn7-w3vz-hqgb
37
vulnerability VCID-umut-3bp5-y3eq
38
vulnerability VCID-v4ft-nvxq-cyhy
39
vulnerability VCID-v6z9-pvhr-k7d2
40
vulnerability VCID-wbd6-q158-8khm
41
vulnerability VCID-wg96-fujy-33db
42
vulnerability VCID-wte4-73wa-53fx
43
vulnerability VCID-x1jy-nk1c-6uak
44
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.10
1
url pkg:npm/n8n@2.5.0
purl pkg:npm/n8n@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cxss-9g41-gfb7
12
vulnerability VCID-cyxm-4jde-myc1
13
vulnerability VCID-d1rq-nmws-w3fy
14
vulnerability VCID-d5bn-f87r-vka1
15
vulnerability VCID-d5s2-xbfd-ukg7
16
vulnerability VCID-dm6y-ymh9-u3cm
17
vulnerability VCID-f8r2-7ab1-w3d8
18
vulnerability VCID-g3sy-n7qb-kqat
19
vulnerability VCID-krxn-r6bc-cffu
20
vulnerability VCID-nhbw-hcq1-b3em
21
vulnerability VCID-nva1-tjfr-ckb5
22
vulnerability VCID-p2w8-9t9n-7baw
23
vulnerability VCID-qrf6-n324-ybbj
24
vulnerability VCID-r89t-ywcr-kbev
25
vulnerability VCID-ra9y-br8w-k7au
26
vulnerability VCID-rq3f-24px-ykfk
27
vulnerability VCID-s8p4-nts1-2fh2
28
vulnerability VCID-su1t-s9q1-h7am
29
vulnerability VCID-ty34-7aqe-27gv
30
vulnerability VCID-ubn7-w3vz-hqgb
31
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0
aliases CVE-2026-25053, GHSA-9g95-qf3f-ggrw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c4s3-zx71-c7h3
21
url VCID-camv-m2tf-qkac
vulnerability_id VCID-camv-m2tf-qkac
summary n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) belonging to other users on the same instance. The attack abuses a name-based credential resolution path that does not enforce ownership or project scope, combined with a bypass in the credentials permission checker that causes generic HTTP credential types to be skipped during pre-execution validation. Together, these flaws allow a member-role user to resolve another user's credential ID and execute a workflow that decrypts and uses that credential without authorization. Native integration credential types (e.g. `slackApi`, `openAiApi`, `postgres`) are not affected by this issue. This vulnerability affects Community Edition only. Enterprise Edition has additional permission gates on workflow creation and execution that independently block this attack chain. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Restrict instance access to fully trusted users only, and/or audit credentials stored on the instance and rotate any generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) that may have been exposed. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33663
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06425
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33663
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33663
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33663
3
reference_url https://github.com/advisories/GHSA-m63j-689w-3j35
reference_id GHSA-m63j-689w-3j35
reference_type
scores
url https://github.com/advisories/GHSA-m63j-689w-3j35
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35
reference_id GHSA-m63j-689w-3j35
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:51:35Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35
fixed_packages
0
url pkg:npm/n8n@1.123.27
purl pkg:npm/n8n@1.123.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-39dw-4b5k-1bae
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-4crt-c14t-53dq
5
vulnerability VCID-krxn-r6bc-cffu
6
vulnerability VCID-nhbw-hcq1-b3em
7
vulnerability VCID-nva1-tjfr-ckb5
8
vulnerability VCID-rq3f-24px-ykfk
9
vulnerability VCID-su1t-s9q1-h7am
10
vulnerability VCID-v4ft-nvxq-cyhy
11
vulnerability VCID-wte4-73wa-53fx
12
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27
1
url pkg:npm/n8n@2.13.3
purl pkg:npm/n8n@2.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3
2
url pkg:npm/n8n@2.14.1
purl pkg:npm/n8n@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1
aliases CVE-2026-33663, GHSA-m63j-689w-3j35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-camv-m2tf-qkac
22
url VCID-cxss-9g41-gfb7
vulnerability_id VCID-cxss-9g41-gfb7
summary n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1470
reference_id
reference_type
scores
0
value 0.02265
scoring_system epss
scoring_elements 0.84993
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1470
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/25c4b9605b420a98d0185a4f01115122a5134d8f
3
reference_url https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/30383d86139f3279a698df8d229eadfefe8627f4
4
reference_url https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce
5
reference_url https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
reference_id aa4d1e5825829182afa0ad5b81f602638f55fa04
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-27T14:35:25Z/
url https://github.com/n8n-io/n8n/commit/aa4d1e5825829182afa0ad5b81f602638f55fa04
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1470
reference_id CVE-2026-1470
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1470
7
reference_url https://github.com/advisories/GHSA-5xrp-6693-jjx9
reference_id GHSA-5xrp-6693-jjx9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5xrp-6693-jjx9
8
reference_url https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/
reference_id n8n-expression-node-rce
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-27T14:35:25Z/
url https://research.jfrog.com/vulnerabilities/n8n-expression-node-rce/
fixed_packages
0
url pkg:npm/n8n@1.123.17
purl pkg:npm/n8n@1.123.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-6xm5-7kq2-xqdm
10
vulnerability VCID-78yr-xz2p-rkff
11
vulnerability VCID-95f5-4xkw-yuae
12
vulnerability VCID-9bcs-wgnz-m3e8
13
vulnerability VCID-camv-m2tf-qkac
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d763-b5fk-g3dm
18
vulnerability VCID-dm6y-ymh9-u3cm
19
vulnerability VCID-f8r2-7ab1-w3d8
20
vulnerability VCID-g3sy-n7qb-kqat
21
vulnerability VCID-krxn-r6bc-cffu
22
vulnerability VCID-nhbw-hcq1-b3em
23
vulnerability VCID-nva1-tjfr-ckb5
24
vulnerability VCID-p2w8-9t9n-7baw
25
vulnerability VCID-qrf6-n324-ybbj
26
vulnerability VCID-r89t-ywcr-kbev
27
vulnerability VCID-ra9y-br8w-k7au
28
vulnerability VCID-rq3f-24px-ykfk
29
vulnerability VCID-s8p4-nts1-2fh2
30
vulnerability VCID-su1t-s9q1-h7am
31
vulnerability VCID-ty34-7aqe-27gv
32
vulnerability VCID-ubn7-w3vz-hqgb
33
vulnerability VCID-umut-3bp5-y3eq
34
vulnerability VCID-v4ft-nvxq-cyhy
35
vulnerability VCID-wbd6-q158-8khm
36
vulnerability VCID-wg96-fujy-33db
37
vulnerability VCID-wte4-73wa-53fx
38
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.17
1
url pkg:npm/n8n@2.4.5
purl pkg:npm/n8n@2.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cyxm-4jde-myc1
14
vulnerability VCID-d1rq-nmws-w3fy
15
vulnerability VCID-d5bn-f87r-vka1
16
vulnerability VCID-d5s2-xbfd-ukg7
17
vulnerability VCID-d763-b5fk-g3dm
18
vulnerability VCID-dm6y-ymh9-u3cm
19
vulnerability VCID-f8r2-7ab1-w3d8
20
vulnerability VCID-g3sy-n7qb-kqat
21
vulnerability VCID-krxn-r6bc-cffu
22
vulnerability VCID-nhbw-hcq1-b3em
23
vulnerability VCID-nva1-tjfr-ckb5
24
vulnerability VCID-p2w8-9t9n-7baw
25
vulnerability VCID-qrf6-n324-ybbj
26
vulnerability VCID-r89t-ywcr-kbev
27
vulnerability VCID-ra9y-br8w-k7au
28
vulnerability VCID-rq3f-24px-ykfk
29
vulnerability VCID-s8p4-nts1-2fh2
30
vulnerability VCID-su1t-s9q1-h7am
31
vulnerability VCID-ty34-7aqe-27gv
32
vulnerability VCID-ubn7-w3vz-hqgb
33
vulnerability VCID-umut-3bp5-y3eq
34
vulnerability VCID-wbd6-q158-8khm
35
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.5
2
url pkg:npm/n8n@2.5.1
purl pkg:npm/n8n@2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d1rq-nmws-w3fy
13
vulnerability VCID-d5bn-f87r-vka1
14
vulnerability VCID-d5s2-xbfd-ukg7
15
vulnerability VCID-dm6y-ymh9-u3cm
16
vulnerability VCID-f8r2-7ab1-w3d8
17
vulnerability VCID-g3sy-n7qb-kqat
18
vulnerability VCID-krxn-r6bc-cffu
19
vulnerability VCID-nhbw-hcq1-b3em
20
vulnerability VCID-nva1-tjfr-ckb5
21
vulnerability VCID-p2w8-9t9n-7baw
22
vulnerability VCID-qrf6-n324-ybbj
23
vulnerability VCID-r89t-ywcr-kbev
24
vulnerability VCID-ra9y-br8w-k7au
25
vulnerability VCID-rq3f-24px-ykfk
26
vulnerability VCID-s8p4-nts1-2fh2
27
vulnerability VCID-su1t-s9q1-h7am
28
vulnerability VCID-ty34-7aqe-27gv
29
vulnerability VCID-ubn7-w3vz-hqgb
30
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.1
aliases CVE-2026-1470, GHSA-5xrp-6693-jjx9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxss-9g41-gfb7
23
url VCID-cy8m-aw8f-zkfx
vulnerability_id VCID-cy8m-aw8f-zkfx
summary n8n is an open source workflow automation platform. Versions prior to 1.123.2 contain a Cross-Site Scripting (XSS) vulnerability in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in version 1.123.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25051
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03978
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25051
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323
reference_id ced34c0f93ab4c759a56065965986094d8ef7323
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:22Z/
url https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25051
reference_id CVE-2026-25051
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25051
4
reference_url https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9
reference_id e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:22Z/
url https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9
5
reference_url https://github.com/advisories/GHSA-825q-w924-xhgx
reference_id GHSA-825q-w924-xhgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-825q-w924-xhgx
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx
reference_id GHSA-825q-w924-xhgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:22Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx
fixed_packages
0
url pkg:npm/n8n@1.122.5
purl pkg:npm/n8n@1.122.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5fsf-m3s8-pfg2
9
vulnerability VCID-5pjr-smm2-pyav
10
vulnerability VCID-6pzv-3t6r-akeq
11
vulnerability VCID-6xm5-7kq2-xqdm
12
vulnerability VCID-78yr-xz2p-rkff
13
vulnerability VCID-95f5-4xkw-yuae
14
vulnerability VCID-9bcs-wgnz-m3e8
15
vulnerability VCID-c4s3-zx71-c7h3
16
vulnerability VCID-camv-m2tf-qkac
17
vulnerability VCID-cxss-9g41-gfb7
18
vulnerability VCID-cyxm-4jde-myc1
19
vulnerability VCID-d1rq-nmws-w3fy
20
vulnerability VCID-d5bn-f87r-vka1
21
vulnerability VCID-d5s2-xbfd-ukg7
22
vulnerability VCID-d763-b5fk-g3dm
23
vulnerability VCID-dm6y-ymh9-u3cm
24
vulnerability VCID-e1c6-5sck-8bas
25
vulnerability VCID-f8r2-7ab1-w3d8
26
vulnerability VCID-fuvy-21q8-fyhh
27
vulnerability VCID-g3sy-n7qb-kqat
28
vulnerability VCID-h9zv-wu1v-83ft
29
vulnerability VCID-krxn-r6bc-cffu
30
vulnerability VCID-ktyh-c1au-6yc7
31
vulnerability VCID-nhbw-hcq1-b3em
32
vulnerability VCID-nva1-tjfr-ckb5
33
vulnerability VCID-p2w8-9t9n-7baw
34
vulnerability VCID-qrf6-n324-ybbj
35
vulnerability VCID-r89t-ywcr-kbev
36
vulnerability VCID-ra9y-br8w-k7au
37
vulnerability VCID-rq3f-24px-ykfk
38
vulnerability VCID-s8p4-nts1-2fh2
39
vulnerability VCID-su1t-s9q1-h7am
40
vulnerability VCID-ty34-7aqe-27gv
41
vulnerability VCID-ubn7-w3vz-hqgb
42
vulnerability VCID-umut-3bp5-y3eq
43
vulnerability VCID-v4ft-nvxq-cyhy
44
vulnerability VCID-v6z9-pvhr-k7d2
45
vulnerability VCID-wbd6-q158-8khm
46
vulnerability VCID-wg96-fujy-33db
47
vulnerability VCID-wte4-73wa-53fx
48
vulnerability VCID-x1jy-nk1c-6uak
49
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.122.5
1
url pkg:npm/n8n@1.123.2
purl pkg:npm/n8n@1.123.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5fsf-m3s8-pfg2
9
vulnerability VCID-5pjr-smm2-pyav
10
vulnerability VCID-6pzv-3t6r-akeq
11
vulnerability VCID-6xm5-7kq2-xqdm
12
vulnerability VCID-78yr-xz2p-rkff
13
vulnerability VCID-95f5-4xkw-yuae
14
vulnerability VCID-9bcs-wgnz-m3e8
15
vulnerability VCID-c4s3-zx71-c7h3
16
vulnerability VCID-camv-m2tf-qkac
17
vulnerability VCID-cxss-9g41-gfb7
18
vulnerability VCID-cyxm-4jde-myc1
19
vulnerability VCID-d1rq-nmws-w3fy
20
vulnerability VCID-d5bn-f87r-vka1
21
vulnerability VCID-d5s2-xbfd-ukg7
22
vulnerability VCID-d763-b5fk-g3dm
23
vulnerability VCID-dm6y-ymh9-u3cm
24
vulnerability VCID-e1c6-5sck-8bas
25
vulnerability VCID-f8r2-7ab1-w3d8
26
vulnerability VCID-fuvy-21q8-fyhh
27
vulnerability VCID-g3sy-n7qb-kqat
28
vulnerability VCID-h9zv-wu1v-83ft
29
vulnerability VCID-krxn-r6bc-cffu
30
vulnerability VCID-ktyh-c1au-6yc7
31
vulnerability VCID-nhbw-hcq1-b3em
32
vulnerability VCID-nva1-tjfr-ckb5
33
vulnerability VCID-p2w8-9t9n-7baw
34
vulnerability VCID-qrf6-n324-ybbj
35
vulnerability VCID-r89t-ywcr-kbev
36
vulnerability VCID-ra9y-br8w-k7au
37
vulnerability VCID-rq3f-24px-ykfk
38
vulnerability VCID-s8p4-nts1-2fh2
39
vulnerability VCID-su1t-s9q1-h7am
40
vulnerability VCID-ty34-7aqe-27gv
41
vulnerability VCID-ubn7-w3vz-hqgb
42
vulnerability VCID-umut-3bp5-y3eq
43
vulnerability VCID-v4ft-nvxq-cyhy
44
vulnerability VCID-v6z9-pvhr-k7d2
45
vulnerability VCID-wbd6-q158-8khm
46
vulnerability VCID-wg96-fujy-33db
47
vulnerability VCID-wte4-73wa-53fx
48
vulnerability VCID-x1jy-nk1c-6uak
49
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.2
aliases CVE-2026-25051, GHSA-825q-w924-xhgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy8m-aw8f-zkfx
24
url VCID-cyxm-4jde-myc1
vulnerability_id VCID-cyxm-4jde-myc1
summary n8n has a Guardrail Node Bypass
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918
2
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0
3
reference_url https://github.com/advisories/GHSA-fvfv-ppw4-7h2w
reference_id GHSA-fvfv-ppw4-7h2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fvfv-ppw4-7h2w
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w
reference_id GHSA-fvfv-ppw4-7h2w
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w
fixed_packages
0
url pkg:npm/n8n@2.10.0
purl pkg:npm/n8n@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-6xm5-7kq2-xqdm
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-95f5-4xkw-yuae
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-dm6y-ymh9-u3cm
10
vulnerability VCID-f8r2-7ab1-w3d8
11
vulnerability VCID-g3sy-n7qb-kqat
12
vulnerability VCID-krxn-r6bc-cffu
13
vulnerability VCID-nhbw-hcq1-b3em
14
vulnerability VCID-nva1-tjfr-ckb5
15
vulnerability VCID-p2w8-9t9n-7baw
16
vulnerability VCID-qrf6-n324-ybbj
17
vulnerability VCID-r89t-ywcr-kbev
18
vulnerability VCID-ra9y-br8w-k7au
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-su1t-s9q1-h7am
21
vulnerability VCID-ty34-7aqe-27gv
22
vulnerability VCID-ubn7-w3vz-hqgb
23
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.0
aliases GHSA-fvfv-ppw4-7h2w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyxm-4jde-myc1
25
url VCID-d1rq-nmws-w3fy
vulnerability_id VCID-d1rq-nmws-w3fy
summary n8n has Webhook Forgery on Zendesk Trigger Node
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/commit/3839e310bd4c3002c646c363d1411916fa195151
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/3839e310bd4c3002c646c363d1411916fa195151
2
reference_url https://github.com/n8n-io/n8n/commit/c6520e4e87614fa60c9433e93019e211f19f65f9
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/c6520e4e87614fa60c9433e93019e211f19f65f9
3
reference_url https://github.com/advisories/GHSA-38c7-23hj-2wgq
reference_id GHSA-38c7-23hj-2wgq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38c7-23hj-2wgq
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-38c7-23hj-2wgq
reference_id GHSA-38c7-23hj-2wgq
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-38c7-23hj-2wgq
fixed_packages
0
url pkg:npm/n8n@1.123.18
purl pkg:npm/n8n@1.123.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-6xm5-7kq2-xqdm
10
vulnerability VCID-78yr-xz2p-rkff
11
vulnerability VCID-95f5-4xkw-yuae
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cyxm-4jde-myc1
14
vulnerability VCID-d5bn-f87r-vka1
15
vulnerability VCID-d763-b5fk-g3dm
16
vulnerability VCID-dm6y-ymh9-u3cm
17
vulnerability VCID-f8r2-7ab1-w3d8
18
vulnerability VCID-g3sy-n7qb-kqat
19
vulnerability VCID-krxn-r6bc-cffu
20
vulnerability VCID-nhbw-hcq1-b3em
21
vulnerability VCID-nva1-tjfr-ckb5
22
vulnerability VCID-p2w8-9t9n-7baw
23
vulnerability VCID-qrf6-n324-ybbj
24
vulnerability VCID-r89t-ywcr-kbev
25
vulnerability VCID-ra9y-br8w-k7au
26
vulnerability VCID-rq3f-24px-ykfk
27
vulnerability VCID-s8p4-nts1-2fh2
28
vulnerability VCID-su1t-s9q1-h7am
29
vulnerability VCID-ty34-7aqe-27gv
30
vulnerability VCID-ubn7-w3vz-hqgb
31
vulnerability VCID-umut-3bp5-y3eq
32
vulnerability VCID-v4ft-nvxq-cyhy
33
vulnerability VCID-wbd6-q158-8khm
34
vulnerability VCID-wg96-fujy-33db
35
vulnerability VCID-wte4-73wa-53fx
36
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.18
1
url pkg:npm/n8n@2.6.2
purl pkg:npm/n8n@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-dm6y-ymh9-u3cm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-g3sy-n7qb-kqat
16
vulnerability VCID-krxn-r6bc-cffu
17
vulnerability VCID-nhbw-hcq1-b3em
18
vulnerability VCID-nva1-tjfr-ckb5
19
vulnerability VCID-p2w8-9t9n-7baw
20
vulnerability VCID-qrf6-n324-ybbj
21
vulnerability VCID-r89t-ywcr-kbev
22
vulnerability VCID-ra9y-br8w-k7au
23
vulnerability VCID-rq3f-24px-ykfk
24
vulnerability VCID-s8p4-nts1-2fh2
25
vulnerability VCID-su1t-s9q1-h7am
26
vulnerability VCID-ty34-7aqe-27gv
27
vulnerability VCID-ubn7-w3vz-hqgb
28
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.6.2
aliases GHSA-38c7-23hj-2wgq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1rq-nmws-w3fy
26
url VCID-d5bn-f87r-vka1
vulnerability_id VCID-d5bn-f87r-vka1
summary n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an OAuth flow against a credential object the attacker controls, causing the victim's OAuth tokens to be stored in the attacker's credential. The attacker can then use those tokens to execute workflows in their name. This issue only affects instances where `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` is explicitly configured (non-default). The issue has been fixed in n8n version 2.8.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Avoid enabling `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` unless strictly required, and/or restrict access to the n8n instance to fully trusted users only. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33720
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02867
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33720
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33720
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33720
3
reference_url https://github.com/advisories/GHSA-vpgc-2f6g-7w7x
reference_id GHSA-vpgc-2f6g-7w7x
reference_type
scores
url https://github.com/advisories/GHSA-vpgc-2f6g-7w7x
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-vpgc-2f6g-7w7x
reference_id GHSA-vpgc-2f6g-7w7x
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:07:38Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-vpgc-2f6g-7w7x
fixed_packages
0
url pkg:npm/n8n@2.8.0
purl pkg:npm/n8n@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-6xm5-7kq2-xqdm
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-95f5-4xkw-yuae
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-cyxm-4jde-myc1
10
vulnerability VCID-dm6y-ymh9-u3cm
11
vulnerability VCID-f8r2-7ab1-w3d8
12
vulnerability VCID-g3sy-n7qb-kqat
13
vulnerability VCID-krxn-r6bc-cffu
14
vulnerability VCID-nhbw-hcq1-b3em
15
vulnerability VCID-nva1-tjfr-ckb5
16
vulnerability VCID-p2w8-9t9n-7baw
17
vulnerability VCID-qrf6-n324-ybbj
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-ra9y-br8w-k7au
20
vulnerability VCID-rq3f-24px-ykfk
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-ubn7-w3vz-hqgb
24
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.8.0
aliases CVE-2026-33720, GHSA-vpgc-2f6g-7w7x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5bn-f87r-vka1
27
url VCID-d5s2-xbfd-ukg7
vulnerability_id VCID-d5s2-xbfd-ukg7
summary n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25049
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16895
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25049
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d
reference_id 7860896909b3d42993a36297f053d2b0e633235d
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:21Z/
url https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d
3
reference_url https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b
reference_id 936c06cfc1ad269a89e8ef7f8ac79c104436d54b
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:21Z/
url https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25049
reference_id CVE-2026-25049
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25049
5
reference_url https://github.com/advisories/GHSA-6cqr-8cfr-67f8
reference_id GHSA-6cqr-8cfr-67f8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6cqr-8cfr-67f8
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
reference_id GHSA-6cqr-8cfr-67f8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:21Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
fixed_packages
0
url pkg:npm/n8n@1.123.17
purl pkg:npm/n8n@1.123.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-6xm5-7kq2-xqdm
10
vulnerability VCID-78yr-xz2p-rkff
11
vulnerability VCID-95f5-4xkw-yuae
12
vulnerability VCID-9bcs-wgnz-m3e8
13
vulnerability VCID-camv-m2tf-qkac
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d763-b5fk-g3dm
18
vulnerability VCID-dm6y-ymh9-u3cm
19
vulnerability VCID-f8r2-7ab1-w3d8
20
vulnerability VCID-g3sy-n7qb-kqat
21
vulnerability VCID-krxn-r6bc-cffu
22
vulnerability VCID-nhbw-hcq1-b3em
23
vulnerability VCID-nva1-tjfr-ckb5
24
vulnerability VCID-p2w8-9t9n-7baw
25
vulnerability VCID-qrf6-n324-ybbj
26
vulnerability VCID-r89t-ywcr-kbev
27
vulnerability VCID-ra9y-br8w-k7au
28
vulnerability VCID-rq3f-24px-ykfk
29
vulnerability VCID-s8p4-nts1-2fh2
30
vulnerability VCID-su1t-s9q1-h7am
31
vulnerability VCID-ty34-7aqe-27gv
32
vulnerability VCID-ubn7-w3vz-hqgb
33
vulnerability VCID-umut-3bp5-y3eq
34
vulnerability VCID-v4ft-nvxq-cyhy
35
vulnerability VCID-wbd6-q158-8khm
36
vulnerability VCID-wg96-fujy-33db
37
vulnerability VCID-wte4-73wa-53fx
38
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.17
1
url pkg:npm/n8n@2.5.2
purl pkg:npm/n8n@2.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d1rq-nmws-w3fy
13
vulnerability VCID-d5bn-f87r-vka1
14
vulnerability VCID-dm6y-ymh9-u3cm
15
vulnerability VCID-f8r2-7ab1-w3d8
16
vulnerability VCID-g3sy-n7qb-kqat
17
vulnerability VCID-krxn-r6bc-cffu
18
vulnerability VCID-nhbw-hcq1-b3em
19
vulnerability VCID-nva1-tjfr-ckb5
20
vulnerability VCID-p2w8-9t9n-7baw
21
vulnerability VCID-qrf6-n324-ybbj
22
vulnerability VCID-r89t-ywcr-kbev
23
vulnerability VCID-ra9y-br8w-k7au
24
vulnerability VCID-rq3f-24px-ykfk
25
vulnerability VCID-s8p4-nts1-2fh2
26
vulnerability VCID-su1t-s9q1-h7am
27
vulnerability VCID-ty34-7aqe-27gv
28
vulnerability VCID-ubn7-w3vz-hqgb
29
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.2
aliases CVE-2026-25049, GHSA-6cqr-8cfr-67f8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5s2-xbfd-ukg7
28
url VCID-d763-b5fk-g3dm
vulnerability_id VCID-d763-b5fk-g3dm
summary n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default). The issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable the Source Control feature if it is not actively required, and/or restrict network access to ensure the n8n instance communicates with the Git server only over trusted, controlled network paths. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33724
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04367
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33724
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33724
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33724
3
reference_url https://github.com/advisories/GHSA-43v7-fp2v-68f6
reference_id GHSA-43v7-fp2v-68f6
reference_type
scores
url https://github.com/advisories/GHSA-43v7-fp2v-68f6
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-43v7-fp2v-68f6
reference_id GHSA-43v7-fp2v-68f6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:11Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-43v7-fp2v-68f6
fixed_packages
0
url pkg:npm/n8n@2.5.0
purl pkg:npm/n8n@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cxss-9g41-gfb7
12
vulnerability VCID-cyxm-4jde-myc1
13
vulnerability VCID-d1rq-nmws-w3fy
14
vulnerability VCID-d5bn-f87r-vka1
15
vulnerability VCID-d5s2-xbfd-ukg7
16
vulnerability VCID-dm6y-ymh9-u3cm
17
vulnerability VCID-f8r2-7ab1-w3d8
18
vulnerability VCID-g3sy-n7qb-kqat
19
vulnerability VCID-krxn-r6bc-cffu
20
vulnerability VCID-nhbw-hcq1-b3em
21
vulnerability VCID-nva1-tjfr-ckb5
22
vulnerability VCID-p2w8-9t9n-7baw
23
vulnerability VCID-qrf6-n324-ybbj
24
vulnerability VCID-r89t-ywcr-kbev
25
vulnerability VCID-ra9y-br8w-k7au
26
vulnerability VCID-rq3f-24px-ykfk
27
vulnerability VCID-s8p4-nts1-2fh2
28
vulnerability VCID-su1t-s9q1-h7am
29
vulnerability VCID-ty34-7aqe-27gv
30
vulnerability VCID-ubn7-w3vz-hqgb
31
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0
aliases CVE-2026-33724, GHSA-43v7-fp2v-68f6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d763-b5fk-g3dm
29
url VCID-d7g4-89n1-y7e7
vulnerability_id VCID-d7g4-89n1-y7e7
summary n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This might only affect users who have credentials that use wildcard domain patterns (e.g., *.example.com) in the "Allowed domains" setting. This issue is fixed in version 1.121.0 and later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25631
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07508
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25631
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25631
reference_id CVE-2026-25631
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25631
3
reference_url https://github.com/advisories/GHSA-2xcx-75h9-vr9h
reference_id GHSA-2xcx-75h9-vr9h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xcx-75h9-vr9h
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9-vr9h
reference_id GHSA-2xcx-75h9-vr9h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T21:06:21Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9-vr9h
fixed_packages
0
url pkg:npm/n8n@1.121.0
purl pkg:npm/n8n@1.121.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-6pzv-3t6r-akeq
12
vulnerability VCID-6xm5-7kq2-xqdm
13
vulnerability VCID-78yr-xz2p-rkff
14
vulnerability VCID-95f5-4xkw-yuae
15
vulnerability VCID-9bcs-wgnz-m3e8
16
vulnerability VCID-b5ba-g4u9-jkgx
17
vulnerability VCID-c4s3-zx71-c7h3
18
vulnerability VCID-camv-m2tf-qkac
19
vulnerability VCID-cxss-9g41-gfb7
20
vulnerability VCID-cy8m-aw8f-zkfx
21
vulnerability VCID-cyxm-4jde-myc1
22
vulnerability VCID-d1rq-nmws-w3fy
23
vulnerability VCID-d5bn-f87r-vka1
24
vulnerability VCID-d5s2-xbfd-ukg7
25
vulnerability VCID-d763-b5fk-g3dm
26
vulnerability VCID-dm6y-ymh9-u3cm
27
vulnerability VCID-e1c6-5sck-8bas
28
vulnerability VCID-f8r2-7ab1-w3d8
29
vulnerability VCID-fuvy-21q8-fyhh
30
vulnerability VCID-g3sy-n7qb-kqat
31
vulnerability VCID-h9zv-wu1v-83ft
32
vulnerability VCID-krxn-r6bc-cffu
33
vulnerability VCID-ktyh-c1au-6yc7
34
vulnerability VCID-nhbw-hcq1-b3em
35
vulnerability VCID-nva1-tjfr-ckb5
36
vulnerability VCID-p2w8-9t9n-7baw
37
vulnerability VCID-qrf6-n324-ybbj
38
vulnerability VCID-r89t-ywcr-kbev
39
vulnerability VCID-ra9y-br8w-k7au
40
vulnerability VCID-rq3f-24px-ykfk
41
vulnerability VCID-s8p4-nts1-2fh2
42
vulnerability VCID-su1t-s9q1-h7am
43
vulnerability VCID-ty34-7aqe-27gv
44
vulnerability VCID-ubn7-w3vz-hqgb
45
vulnerability VCID-umut-3bp5-y3eq
46
vulnerability VCID-v4ft-nvxq-cyhy
47
vulnerability VCID-v6z9-pvhr-k7d2
48
vulnerability VCID-wbd6-q158-8khm
49
vulnerability VCID-wg96-fujy-33db
50
vulnerability VCID-wte4-73wa-53fx
51
vulnerability VCID-x1jy-nk1c-6uak
52
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.121.0
aliases CVE-2026-25631, GHSA-2xcx-75h9-vr9h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7g4-89n1-y7e7
30
url VCID-dm6y-ymh9-u3cm
vulnerability_id VCID-dm6y-ymh9-u3cm
summary n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27577
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38836
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27577
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6
reference_id 1479aab2d32fe0ee087f82b9038b1035c98be2f6
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/
url https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6
3
reference_url https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e
reference_id 9e5212ecbc5d2d4e6f340b636a5e84be6369882e
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/
url https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27577
reference_id CVE-2026-27577
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27577
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
reference_id GHSA-v98v-ff95-f3cp
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
6
reference_url https://github.com/advisories/GHSA-vpcf-gvg4-6qwr
reference_id GHSA-vpcf-gvg4-6qwr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vpcf-gvg4-6qwr
7
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr
reference_id GHSA-vpcf-gvg4-6qwr
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr
8
reference_url https://docs.n8n.io/hosting/securing/overview
reference_id overview
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/
url https://docs.n8n.io/hosting/securing/overview
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.0.0-rc.0
purl pkg:npm/n8n@2.0.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18zg-q45k-d3f3
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-3p4c-nkcn-hkey
4
vulnerability VCID-5fsf-m3s8-pfg2
5
vulnerability VCID-6pzv-3t6r-akeq
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-camv-m2tf-qkac
8
vulnerability VCID-cyxm-4jde-myc1
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-e1c6-5sck-8bas
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-h9zv-wu1v-83ft
14
vulnerability VCID-r89t-ywcr-kbev
15
vulnerability VCID-ra9y-br8w-k7au
16
vulnerability VCID-s8p4-nts1-2fh2
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-umut-3bp5-y3eq
19
vulnerability VCID-v6z9-pvhr-k7d2
20
vulnerability VCID-wbd6-q158-8khm
21
vulnerability VCID-wg96-fujy-33db
22
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0
2
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
3
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases CVE-2026-27577, GHSA-vpcf-gvg4-6qwr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm6y-ymh9-u3cm
31
url VCID-et9c-dh4q-3qcy
vulnerability_id VCID-et9c-dh4q-3qcy
summary n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57749
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39097
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57749
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/c2c3e08cdf33570d9051e659812cbfbdd3c077fd
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/c2c3e08cdf33570d9051e659812cbfbdd3c077fd
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57749
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57749
4
reference_url https://github.com/n8n-io/n8n/pull/17735
reference_id 17735
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T14:43:03Z/
url https://github.com/n8n-io/n8n/pull/17735
5
reference_url https://github.com/advisories/GHSA-ggjm-f3g4-rwmm
reference_id GHSA-ggjm-f3g4-rwmm
reference_type
scores
url https://github.com/advisories/GHSA-ggjm-f3g4-rwmm
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm
reference_id GHSA-ggjm-f3g4-rwmm
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T14:43:03Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm
fixed_packages
0
url pkg:npm/n8n@1.106.0
purl pkg:npm/n8n@1.106.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5mhm-99u3-ruec
11
vulnerability VCID-5pjr-smm2-pyav
12
vulnerability VCID-63n8-hy1m-3ke5
13
vulnerability VCID-6pzv-3t6r-akeq
14
vulnerability VCID-6xm5-7kq2-xqdm
15
vulnerability VCID-78yr-xz2p-rkff
16
vulnerability VCID-95f5-4xkw-yuae
17
vulnerability VCID-9bcs-wgnz-m3e8
18
vulnerability VCID-b5ba-g4u9-jkgx
19
vulnerability VCID-c232-fvfd-3fda
20
vulnerability VCID-c4s3-zx71-c7h3
21
vulnerability VCID-camv-m2tf-qkac
22
vulnerability VCID-cxss-9g41-gfb7
23
vulnerability VCID-cy8m-aw8f-zkfx
24
vulnerability VCID-cyxm-4jde-myc1
25
vulnerability VCID-d1rq-nmws-w3fy
26
vulnerability VCID-d5bn-f87r-vka1
27
vulnerability VCID-d5s2-xbfd-ukg7
28
vulnerability VCID-d763-b5fk-g3dm
29
vulnerability VCID-d7g4-89n1-y7e7
30
vulnerability VCID-dm6y-ymh9-u3cm
31
vulnerability VCID-e1c6-5sck-8bas
32
vulnerability VCID-f8r2-7ab1-w3d8
33
vulnerability VCID-fuvy-21q8-fyhh
34
vulnerability VCID-g3sy-n7qb-kqat
35
vulnerability VCID-h9zv-wu1v-83ft
36
vulnerability VCID-krxn-r6bc-cffu
37
vulnerability VCID-ktyh-c1au-6yc7
38
vulnerability VCID-kw94-d9qx-3qf9
39
vulnerability VCID-nh3d-mzxr-j7dy
40
vulnerability VCID-nhbw-hcq1-b3em
41
vulnerability VCID-nva1-tjfr-ckb5
42
vulnerability VCID-p2w8-9t9n-7baw
43
vulnerability VCID-qkka-4nty-sqh1
44
vulnerability VCID-qrf6-n324-ybbj
45
vulnerability VCID-r89t-ywcr-kbev
46
vulnerability VCID-ra9y-br8w-k7au
47
vulnerability VCID-rq3f-24px-ykfk
48
vulnerability VCID-s86a-mpj9-dfhg
49
vulnerability VCID-s8p4-nts1-2fh2
50
vulnerability VCID-st8g-2xn4-97b9
51
vulnerability VCID-su1t-s9q1-h7am
52
vulnerability VCID-ty34-7aqe-27gv
53
vulnerability VCID-ubn7-w3vz-hqgb
54
vulnerability VCID-umut-3bp5-y3eq
55
vulnerability VCID-v4ft-nvxq-cyhy
56
vulnerability VCID-v6z9-pvhr-k7d2
57
vulnerability VCID-wbd6-q158-8khm
58
vulnerability VCID-wg96-fujy-33db
59
vulnerability VCID-wte4-73wa-53fx
60
vulnerability VCID-x1jy-nk1c-6uak
61
vulnerability VCID-xf7g-p8s2-rqbj
62
vulnerability VCID-xnnq-fzcn-7fbg
63
vulnerability VCID-xsuv-1w6k-akeu
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.106.0
aliases CVE-2025-57749, GHSA-ggjm-f3g4-rwmm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et9c-dh4q-3qcy
32
url VCID-f8r2-7ab1-w3d8
vulnerability_id VCID-f8r2-7ab1-w3d8
summary n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Disposition` or `Content-Security-Policy` headers, allowing the HTML to render in the browser with full same-origin JavaScript access. By sending the resulting URL to a higher-privileged user, an attacker could execute JavaScript in the victim's authenticated session, enabling exfiltration of workflows and credentials, modification of workflows, or privilege escalation to admin. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or restrict network access to the n8n instance to prevent untrusted users from accessing binary data URLs. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33749
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15914
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33749
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33749
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33749
3
reference_url https://github.com/advisories/GHSA-qfc3-hm4j-7q77
reference_id GHSA-qfc3-hm4j-7q77
reference_type
scores
url https://github.com/advisories/GHSA-qfc3-hm4j-7q77
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77
reference_id GHSA-qfc3-hm4j-7q77
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:07:00Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77
fixed_packages
0
url pkg:npm/n8n@1.123.27
purl pkg:npm/n8n@1.123.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-39dw-4b5k-1bae
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-4crt-c14t-53dq
5
vulnerability VCID-krxn-r6bc-cffu
6
vulnerability VCID-nhbw-hcq1-b3em
7
vulnerability VCID-nva1-tjfr-ckb5
8
vulnerability VCID-rq3f-24px-ykfk
9
vulnerability VCID-su1t-s9q1-h7am
10
vulnerability VCID-v4ft-nvxq-cyhy
11
vulnerability VCID-wte4-73wa-53fx
12
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27
1
url pkg:npm/n8n@2.13.3
purl pkg:npm/n8n@2.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3
2
url pkg:npm/n8n@2.14.1
purl pkg:npm/n8n@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1
aliases CVE-2026-33749, GHSA-qfc3-hm4j-7q77
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8r2-7ab1-w3d8
33
url VCID-fuvy-21q8-fyhh
vulnerability_id VCID-fuvy-21q8-fyhh
summary n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary shell commands on the n8n host. The issue has been fixed in n8n versions 2.2.0 and 1.123.8. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Read/Write Files from Disk node by adding `n8n-nodes-base.readWriteFile` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27498
reference_id
reference_type
scores
0
value 0.00594
scoring_system epss
scoring_elements 0.69759
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27498
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/97365caf253978ba8e46d7bc53fa7ac3b6f67b32
reference_id 97365caf253978ba8e46d7bc53fa7ac3b6f67b32
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value 9.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/
url https://github.com/n8n-io/n8n/commit/97365caf253978ba8e46d7bc53fa7ac3b6f67b32
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27498
reference_id CVE-2026-27498
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27498
4
reference_url https://github.com/n8n-io/n8n/commit/e22acaab3dcb2004e5fe0bf9ef2db975bde61866
reference_id e22acaab3dcb2004e5fe0bf9ef2db975bde61866
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value 9.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/
url https://github.com/n8n-io/n8n/commit/e22acaab3dcb2004e5fe0bf9ef2db975bde61866
5
reference_url https://github.com/advisories/GHSA-x2mw-7j39-93xq
reference_id GHSA-x2mw-7j39-93xq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2mw-7j39-93xq
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq
reference_id GHSA-x2mw-7j39-93xq
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value 9.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.8
reference_id n8n@1.123.8
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value 9.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.8
8
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.2.0
reference_id n8n@2.2.0
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value 9.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:20:10Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.2.0
fixed_packages
0
url pkg:npm/n8n@1.123.8
purl pkg:npm/n8n@1.123.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5fsf-m3s8-pfg2
9
vulnerability VCID-5pjr-smm2-pyav
10
vulnerability VCID-6pzv-3t6r-akeq
11
vulnerability VCID-6xm5-7kq2-xqdm
12
vulnerability VCID-78yr-xz2p-rkff
13
vulnerability VCID-95f5-4xkw-yuae
14
vulnerability VCID-9bcs-wgnz-m3e8
15
vulnerability VCID-c4s3-zx71-c7h3
16
vulnerability VCID-camv-m2tf-qkac
17
vulnerability VCID-cxss-9g41-gfb7
18
vulnerability VCID-cyxm-4jde-myc1
19
vulnerability VCID-d1rq-nmws-w3fy
20
vulnerability VCID-d5bn-f87r-vka1
21
vulnerability VCID-d5s2-xbfd-ukg7
22
vulnerability VCID-d763-b5fk-g3dm
23
vulnerability VCID-dm6y-ymh9-u3cm
24
vulnerability VCID-e1c6-5sck-8bas
25
vulnerability VCID-f8r2-7ab1-w3d8
26
vulnerability VCID-g3sy-n7qb-kqat
27
vulnerability VCID-h9zv-wu1v-83ft
28
vulnerability VCID-krxn-r6bc-cffu
29
vulnerability VCID-ktyh-c1au-6yc7
30
vulnerability VCID-nhbw-hcq1-b3em
31
vulnerability VCID-nva1-tjfr-ckb5
32
vulnerability VCID-p2w8-9t9n-7baw
33
vulnerability VCID-qrf6-n324-ybbj
34
vulnerability VCID-r89t-ywcr-kbev
35
vulnerability VCID-ra9y-br8w-k7au
36
vulnerability VCID-rq3f-24px-ykfk
37
vulnerability VCID-s8p4-nts1-2fh2
38
vulnerability VCID-su1t-s9q1-h7am
39
vulnerability VCID-ty34-7aqe-27gv
40
vulnerability VCID-ubn7-w3vz-hqgb
41
vulnerability VCID-umut-3bp5-y3eq
42
vulnerability VCID-v4ft-nvxq-cyhy
43
vulnerability VCID-v6z9-pvhr-k7d2
44
vulnerability VCID-wbd6-q158-8khm
45
vulnerability VCID-wg96-fujy-33db
46
vulnerability VCID-wte4-73wa-53fx
47
vulnerability VCID-x1jy-nk1c-6uak
48
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.8
1
url pkg:npm/n8n@2.2.0
purl pkg:npm/n8n@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-5pjr-smm2-pyav
7
vulnerability VCID-6pzv-3t6r-akeq
8
vulnerability VCID-6xm5-7kq2-xqdm
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-95f5-4xkw-yuae
11
vulnerability VCID-9bcs-wgnz-m3e8
12
vulnerability VCID-c4s3-zx71-c7h3
13
vulnerability VCID-camv-m2tf-qkac
14
vulnerability VCID-cxss-9g41-gfb7
15
vulnerability VCID-cyxm-4jde-myc1
16
vulnerability VCID-d1rq-nmws-w3fy
17
vulnerability VCID-d5bn-f87r-vka1
18
vulnerability VCID-d5s2-xbfd-ukg7
19
vulnerability VCID-d763-b5fk-g3dm
20
vulnerability VCID-dm6y-ymh9-u3cm
21
vulnerability VCID-f8r2-7ab1-w3d8
22
vulnerability VCID-g3sy-n7qb-kqat
23
vulnerability VCID-krxn-r6bc-cffu
24
vulnerability VCID-ktyh-c1au-6yc7
25
vulnerability VCID-nhbw-hcq1-b3em
26
vulnerability VCID-nva1-tjfr-ckb5
27
vulnerability VCID-p2w8-9t9n-7baw
28
vulnerability VCID-qrf6-n324-ybbj
29
vulnerability VCID-r89t-ywcr-kbev
30
vulnerability VCID-ra9y-br8w-k7au
31
vulnerability VCID-rq3f-24px-ykfk
32
vulnerability VCID-s86a-mpj9-dfhg
33
vulnerability VCID-s8p4-nts1-2fh2
34
vulnerability VCID-su1t-s9q1-h7am
35
vulnerability VCID-ty34-7aqe-27gv
36
vulnerability VCID-ubn7-w3vz-hqgb
37
vulnerability VCID-umut-3bp5-y3eq
38
vulnerability VCID-v6z9-pvhr-k7d2
39
vulnerability VCID-wbd6-q158-8khm
40
vulnerability VCID-wg96-fujy-33db
41
vulnerability VCID-xf7g-p8s2-rqbj
42
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.2.0
aliases CVE-2026-27498, GHSA-x2mw-7j39-93xq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuvy-21q8-fyhh
34
url VCID-g3sy-n7qb-kqat
vulnerability_id VCID-g3sy-n7qb-kqat
summary n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host. The vulnerability requires a specific workflow configuration to be exploitable. First, the workflow must contain a form node with a field interpolating a value provided by an unauthenticated user, e.g. a form-submitted value. Second, the field value must begin with an `=` character, which caused n8n to treat it as an expression and triggered a double-evaluation of the field content. There is no practical reason for a workflow designer to prefix a field with `=` intentionally: the character is not rendered in the output, so the result would not match the designer's expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance. Even when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Review usage of form nodes manually for the above-mentioned preconditions, disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable, and/or disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27493
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50406
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27493
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/issues/19
reference_id 19
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/
url https://github.com/n8n-io/n8n/issues/19
3
reference_url https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b
reference_id 562d867483e871b0f1e31776252e23bd721df75b
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/
url https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27493
reference_id CVE-2026-27493
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27493
5
reference_url https://github.com/advisories/GHSA-75g8-rv7v-32f7
reference_id GHSA-75g8-rv7v-32f7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75g8-rv7v-32f7
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7
reference_id GHSA-75g8-rv7v-32f7
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
reference_id n8n@1.123.22
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
8
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
reference_id n8n@2.10.1
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
9
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
reference_id n8n@2.9.3
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.0.0-rc.0
purl pkg:npm/n8n@2.0.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18zg-q45k-d3f3
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-3p4c-nkcn-hkey
4
vulnerability VCID-5fsf-m3s8-pfg2
5
vulnerability VCID-6pzv-3t6r-akeq
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-camv-m2tf-qkac
8
vulnerability VCID-cyxm-4jde-myc1
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-e1c6-5sck-8bas
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-h9zv-wu1v-83ft
14
vulnerability VCID-r89t-ywcr-kbev
15
vulnerability VCID-ra9y-br8w-k7au
16
vulnerability VCID-s8p4-nts1-2fh2
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-umut-3bp5-y3eq
19
vulnerability VCID-v6z9-pvhr-k7d2
20
vulnerability VCID-wbd6-q158-8khm
21
vulnerability VCID-wg96-fujy-33db
22
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0
2
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
3
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases CVE-2026-27493, GHSA-75g8-rv7v-32f7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3sy-n7qb-kqat
35
url VCID-krxn-r6bc-cffu
vulnerability_id VCID-krxn-r6bc-cffu
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42236
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37306
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42236
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42236
3
reference_url https://github.com/advisories/GHSA-49m9-pgww-9vq6
reference_id GHSA-49m9-pgww-9vq6
reference_type
scores
url https://github.com/advisories/GHSA-49m9-pgww-9vq6
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6
reference_id GHSA-49m9-pgww-9vq6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:59:10Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42236, GHSA-49m9-pgww-9vq6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krxn-r6bc-cffu
36
url VCID-ktyh-c1au-6yc7
vulnerability_id VCID-ktyh-c1au-6yc7
summary n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those remote systems, potentially leading to remote code execution on those systems. As a prerequisite, an unauthenticated attacker needs knowledge of such workflows existing, and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25055
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39362
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25055
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/528ad6b982d0519ec170e172f57b7fdbbe175230
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/528ad6b982d0519ec170e172f57b7fdbbe175230
3
reference_url https://github.com/n8n-io/n8n/commit/e0baf48c6a54808f6dbca8cb352bfa306092c223
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/e0baf48c6a54808f6dbca8cb352bfa306092c223
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25055
reference_id CVE-2026-25055
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25055
5
reference_url https://github.com/advisories/GHSA-m82q-59gv-mcr9
reference_id GHSA-m82q-59gv-mcr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m82q-59gv-mcr9
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9
reference_id GHSA-m82q-59gv-mcr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:20Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9
fixed_packages
0
url pkg:npm/n8n@1.123.12
purl pkg:npm/n8n@1.123.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-6xm5-7kq2-xqdm
10
vulnerability VCID-78yr-xz2p-rkff
11
vulnerability VCID-95f5-4xkw-yuae
12
vulnerability VCID-9bcs-wgnz-m3e8
13
vulnerability VCID-camv-m2tf-qkac
14
vulnerability VCID-cxss-9g41-gfb7
15
vulnerability VCID-cyxm-4jde-myc1
16
vulnerability VCID-d1rq-nmws-w3fy
17
vulnerability VCID-d5bn-f87r-vka1
18
vulnerability VCID-d5s2-xbfd-ukg7
19
vulnerability VCID-d763-b5fk-g3dm
20
vulnerability VCID-dm6y-ymh9-u3cm
21
vulnerability VCID-f8r2-7ab1-w3d8
22
vulnerability VCID-g3sy-n7qb-kqat
23
vulnerability VCID-krxn-r6bc-cffu
24
vulnerability VCID-nhbw-hcq1-b3em
25
vulnerability VCID-nva1-tjfr-ckb5
26
vulnerability VCID-p2w8-9t9n-7baw
27
vulnerability VCID-qrf6-n324-ybbj
28
vulnerability VCID-r89t-ywcr-kbev
29
vulnerability VCID-ra9y-br8w-k7au
30
vulnerability VCID-rq3f-24px-ykfk
31
vulnerability VCID-s8p4-nts1-2fh2
32
vulnerability VCID-su1t-s9q1-h7am
33
vulnerability VCID-ty34-7aqe-27gv
34
vulnerability VCID-ubn7-w3vz-hqgb
35
vulnerability VCID-umut-3bp5-y3eq
36
vulnerability VCID-v4ft-nvxq-cyhy
37
vulnerability VCID-wbd6-q158-8khm
38
vulnerability VCID-wg96-fujy-33db
39
vulnerability VCID-wte4-73wa-53fx
40
vulnerability VCID-x1jy-nk1c-6uak
41
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.12
1
url pkg:npm/n8n@2.4.0
purl pkg:npm/n8n@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cxss-9g41-gfb7
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d5s2-xbfd-ukg7
18
vulnerability VCID-d763-b5fk-g3dm
19
vulnerability VCID-dm6y-ymh9-u3cm
20
vulnerability VCID-f8r2-7ab1-w3d8
21
vulnerability VCID-g3sy-n7qb-kqat
22
vulnerability VCID-krxn-r6bc-cffu
23
vulnerability VCID-nhbw-hcq1-b3em
24
vulnerability VCID-nva1-tjfr-ckb5
25
vulnerability VCID-p2w8-9t9n-7baw
26
vulnerability VCID-qrf6-n324-ybbj
27
vulnerability VCID-r89t-ywcr-kbev
28
vulnerability VCID-ra9y-br8w-k7au
29
vulnerability VCID-rq3f-24px-ykfk
30
vulnerability VCID-s8p4-nts1-2fh2
31
vulnerability VCID-su1t-s9q1-h7am
32
vulnerability VCID-ty34-7aqe-27gv
33
vulnerability VCID-ubn7-w3vz-hqgb
34
vulnerability VCID-umut-3bp5-y3eq
35
vulnerability VCID-wbd6-q158-8khm
36
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0
aliases CVE-2026-25055, GHSA-m82q-59gv-mcr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktyh-c1au-6yc7
37
url VCID-kw94-d9qx-3qf9
vulnerability_id VCID-kw94-d9qx-3qf9
summary n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62726
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44785
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62726
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/pull/19559
reference_id 19559
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T18:19:00Z/
url https://github.com/n8n-io/n8n/pull/19559
3
reference_url https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997
reference_id 5bf3db5ba84d3195bbe11bbd3c62f7086e090997
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T18:19:00Z/
url https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62726
reference_id CVE-2025-62726
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62726
5
reference_url https://github.com/advisories/GHSA-xgp7-7qjq-vg47
reference_id GHSA-xgp7-7qjq-vg47
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xgp7-7qjq-vg47
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47
reference_id GHSA-xgp7-7qjq-vg47
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T18:19:00Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47
fixed_packages
0
url pkg:npm/n8n@1.113.0
purl pkg:npm/n8n@1.113.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5mhm-99u3-ruec
11
vulnerability VCID-5pjr-smm2-pyav
12
vulnerability VCID-63n8-hy1m-3ke5
13
vulnerability VCID-6pzv-3t6r-akeq
14
vulnerability VCID-6xm5-7kq2-xqdm
15
vulnerability VCID-78yr-xz2p-rkff
16
vulnerability VCID-95f5-4xkw-yuae
17
vulnerability VCID-9bcs-wgnz-m3e8
18
vulnerability VCID-b5ba-g4u9-jkgx
19
vulnerability VCID-c232-fvfd-3fda
20
vulnerability VCID-c4s3-zx71-c7h3
21
vulnerability VCID-camv-m2tf-qkac
22
vulnerability VCID-cxss-9g41-gfb7
23
vulnerability VCID-cy8m-aw8f-zkfx
24
vulnerability VCID-cyxm-4jde-myc1
25
vulnerability VCID-d1rq-nmws-w3fy
26
vulnerability VCID-d5bn-f87r-vka1
27
vulnerability VCID-d5s2-xbfd-ukg7
28
vulnerability VCID-d763-b5fk-g3dm
29
vulnerability VCID-d7g4-89n1-y7e7
30
vulnerability VCID-dm6y-ymh9-u3cm
31
vulnerability VCID-e1c6-5sck-8bas
32
vulnerability VCID-f8r2-7ab1-w3d8
33
vulnerability VCID-fuvy-21q8-fyhh
34
vulnerability VCID-g3sy-n7qb-kqat
35
vulnerability VCID-h9zv-wu1v-83ft
36
vulnerability VCID-krxn-r6bc-cffu
37
vulnerability VCID-ktyh-c1au-6yc7
38
vulnerability VCID-nh3d-mzxr-j7dy
39
vulnerability VCID-nhbw-hcq1-b3em
40
vulnerability VCID-nva1-tjfr-ckb5
41
vulnerability VCID-p2w8-9t9n-7baw
42
vulnerability VCID-qkka-4nty-sqh1
43
vulnerability VCID-qrf6-n324-ybbj
44
vulnerability VCID-r89t-ywcr-kbev
45
vulnerability VCID-ra9y-br8w-k7au
46
vulnerability VCID-rq3f-24px-ykfk
47
vulnerability VCID-s86a-mpj9-dfhg
48
vulnerability VCID-s8p4-nts1-2fh2
49
vulnerability VCID-st8g-2xn4-97b9
50
vulnerability VCID-su1t-s9q1-h7am
51
vulnerability VCID-ty34-7aqe-27gv
52
vulnerability VCID-ubn7-w3vz-hqgb
53
vulnerability VCID-umut-3bp5-y3eq
54
vulnerability VCID-v4ft-nvxq-cyhy
55
vulnerability VCID-v6z9-pvhr-k7d2
56
vulnerability VCID-wbd6-q158-8khm
57
vulnerability VCID-wg96-fujy-33db
58
vulnerability VCID-wte4-73wa-53fx
59
vulnerability VCID-x1jy-nk1c-6uak
60
vulnerability VCID-xf7g-p8s2-rqbj
61
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.113.0
aliases CVE-2025-62726, GHSA-xgp7-7qjq-vg47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kw94-d9qx-3qf9
38
url VCID-nh3d-mzxr-j7dy
vulnerability_id VCID-nh3d-mzxr-j7dy
summary n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced in version 1.103.0. This behavior can enable a malicious actor with workflow creation permissions to execute arbitrary JavaScript in the context of the n8n editor interface. This issue has been patched in version 1.114.0. Workarounds for this issue involve restricting workflow creation and modification privileges to trusted users only, avoiding use of untrusted HTML responses in the “Respond to Webhook” node, and using an external reverse proxy or HTML sanitizer to filter responses that include executable scripts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61914
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00703
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61914
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61914
reference_id CVE-2025-61914
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61914
3
reference_url https://github.com/advisories/GHSA-58jc-rcg5-95f3
reference_id GHSA-58jc-rcg5-95f3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58jc-rcg5-95f3
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-58jc-rcg5-95f3
reference_id GHSA-58jc-rcg5-95f3
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-26T21:54:28Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-58jc-rcg5-95f3
fixed_packages
0
url pkg:npm/n8n@1.114.0
purl pkg:npm/n8n@1.114.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5mhm-99u3-ruec
11
vulnerability VCID-5pjr-smm2-pyav
12
vulnerability VCID-63n8-hy1m-3ke5
13
vulnerability VCID-6pzv-3t6r-akeq
14
vulnerability VCID-6xm5-7kq2-xqdm
15
vulnerability VCID-78yr-xz2p-rkff
16
vulnerability VCID-95f5-4xkw-yuae
17
vulnerability VCID-9bcs-wgnz-m3e8
18
vulnerability VCID-b5ba-g4u9-jkgx
19
vulnerability VCID-c232-fvfd-3fda
20
vulnerability VCID-c4s3-zx71-c7h3
21
vulnerability VCID-camv-m2tf-qkac
22
vulnerability VCID-cxss-9g41-gfb7
23
vulnerability VCID-cy8m-aw8f-zkfx
24
vulnerability VCID-cyxm-4jde-myc1
25
vulnerability VCID-d1rq-nmws-w3fy
26
vulnerability VCID-d5bn-f87r-vka1
27
vulnerability VCID-d5s2-xbfd-ukg7
28
vulnerability VCID-d763-b5fk-g3dm
29
vulnerability VCID-d7g4-89n1-y7e7
30
vulnerability VCID-dm6y-ymh9-u3cm
31
vulnerability VCID-e1c6-5sck-8bas
32
vulnerability VCID-f8r2-7ab1-w3d8
33
vulnerability VCID-fuvy-21q8-fyhh
34
vulnerability VCID-g3sy-n7qb-kqat
35
vulnerability VCID-h9zv-wu1v-83ft
36
vulnerability VCID-krxn-r6bc-cffu
37
vulnerability VCID-ktyh-c1au-6yc7
38
vulnerability VCID-nhbw-hcq1-b3em
39
vulnerability VCID-nva1-tjfr-ckb5
40
vulnerability VCID-p2w8-9t9n-7baw
41
vulnerability VCID-qkka-4nty-sqh1
42
vulnerability VCID-qrf6-n324-ybbj
43
vulnerability VCID-r89t-ywcr-kbev
44
vulnerability VCID-ra9y-br8w-k7au
45
vulnerability VCID-rq3f-24px-ykfk
46
vulnerability VCID-s86a-mpj9-dfhg
47
vulnerability VCID-s8p4-nts1-2fh2
48
vulnerability VCID-st8g-2xn4-97b9
49
vulnerability VCID-su1t-s9q1-h7am
50
vulnerability VCID-ty34-7aqe-27gv
51
vulnerability VCID-ubn7-w3vz-hqgb
52
vulnerability VCID-umut-3bp5-y3eq
53
vulnerability VCID-v4ft-nvxq-cyhy
54
vulnerability VCID-v6z9-pvhr-k7d2
55
vulnerability VCID-wbd6-q158-8khm
56
vulnerability VCID-wg96-fujy-33db
57
vulnerability VCID-wte4-73wa-53fx
58
vulnerability VCID-x1jy-nk1c-6uak
59
vulnerability VCID-xf7g-p8s2-rqbj
60
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.114.0
aliases CVE-2025-61914, GHSA-58jc-rcg5-95f3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh3d-mzxr-j7dy
39
url VCID-nhbw-hcq1-b3em
vulnerability_id VCID-nhbw-hcq1-b3em
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing project membership checks, bypassing the authorization-aware service layer used by the internal enterprise controller. If variables were misused to store sensitive information such as credentials or tokens, they should be rotated immediately. This issue only affects licensed enterprise or team deployments with multiple projects and the variables feature enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42227
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11812
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42227
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42227
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42227
3
reference_url https://github.com/advisories/GHSA-756q-gq9h-fp22
reference_id GHSA-756q-gq9h-fp22
reference_type
scores
url https://github.com/advisories/GHSA-756q-gq9h-fp22
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22
reference_id GHSA-756q-gq9h-fp22
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:26Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42227, GHSA-756q-gq9h-fp22
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbw-hcq1-b3em
40
url VCID-nva1-tjfr-ckb5
vulnerability_id VCID-nva1-tjfr-ckb5
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42228
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25477
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42228
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42228
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42228
3
reference_url https://github.com/advisories/GHSA-f77h-j2v7-g6mw
reference_id GHSA-f77h-j2v7-g6mw
reference_type
scores
url https://github.com/advisories/GHSA-f77h-j2v7-g6mw
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw
reference_id GHSA-f77h-j2v7-g6mw
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T13:47:46Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42228, GHSA-f77h-j2v7-g6mw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nva1-tjfr-ckb5
41
url VCID-p2w8-9t9n-7baw
vulnerability_id VCID-p2w8-9t9n-7baw
summary n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27495
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.27879
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27495
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27495
reference_id CVE-2026-27495
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27495
3
reference_url https://github.com/advisories/GHSA-jjpj-p2wh-qf23
reference_id GHSA-jjpj-p2wh-qf23
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjpj-p2wh-qf23
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23
reference_id GHSA-jjpj-p2wh-qf23
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23
5
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
reference_id n8n@1.123.22
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
6
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
reference_id n8n@2.10.1
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
reference_id n8n@2.9.3
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
8
reference_url https://docs.n8n.io/hosting/configuration/task-runners
reference_id task-runners
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/
url https://docs.n8n.io/hosting/configuration/task-runners
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.0.0-rc.0
purl pkg:npm/n8n@2.0.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18zg-q45k-d3f3
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-3p4c-nkcn-hkey
4
vulnerability VCID-5fsf-m3s8-pfg2
5
vulnerability VCID-6pzv-3t6r-akeq
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-camv-m2tf-qkac
8
vulnerability VCID-cyxm-4jde-myc1
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-e1c6-5sck-8bas
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-h9zv-wu1v-83ft
14
vulnerability VCID-r89t-ywcr-kbev
15
vulnerability VCID-ra9y-br8w-k7au
16
vulnerability VCID-s8p4-nts1-2fh2
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-umut-3bp5-y3eq
19
vulnerability VCID-v6z9-pvhr-k7d2
20
vulnerability VCID-wbd6-q158-8khm
21
vulnerability VCID-wg96-fujy-33db
22
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0
2
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
3
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases CVE-2026-27495, GHSA-jjpj-p2wh-qf23
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2w8-9t9n-7baw
42
url VCID-qrf6-n324-ybbj
vulnerability_id VCID-qrf6-n324-ybbj
summary n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27497
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22844
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27497
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27497
reference_id CVE-2026-27497
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27497
3
reference_url https://github.com/advisories/GHSA-wxx7-mcgf-j869
reference_id GHSA-wxx7-mcgf-j869
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxx7-mcgf-j869
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869
reference_id GHSA-wxx7-mcgf-j869
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869
5
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
reference_id n8n@1.123.22
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
6
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
reference_id n8n@2.10.1
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
reference_id n8n@2.9.3
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.0.0-rc.0
purl pkg:npm/n8n@2.0.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18zg-q45k-d3f3
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-3p4c-nkcn-hkey
4
vulnerability VCID-5fsf-m3s8-pfg2
5
vulnerability VCID-6pzv-3t6r-akeq
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-camv-m2tf-qkac
8
vulnerability VCID-cyxm-4jde-myc1
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-e1c6-5sck-8bas
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-h9zv-wu1v-83ft
14
vulnerability VCID-r89t-ywcr-kbev
15
vulnerability VCID-ra9y-br8w-k7au
16
vulnerability VCID-s8p4-nts1-2fh2
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-umut-3bp5-y3eq
19
vulnerability VCID-v6z9-pvhr-k7d2
20
vulnerability VCID-wbd6-q158-8khm
21
vulnerability VCID-wg96-fujy-33db
22
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0
2
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
3
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases CVE-2026-27497, GHSA-wxx7-mcgf-j869
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrf6-n324-ybbj
43
url VCID-r89t-ywcr-kbev
vulnerability_id VCID-r89t-ywcr-kbev
summary
n8n has a Stored XSS Vulnerability in its Form Trigger
## Impact
An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission hijacking and phishing. The existing Content Security Policy prevents direct n8n session cookie theft but does not prevent script execution or form action manipulation.

## Patches
The issue has been fixed in n8n versions 2.12.0, 2.11.2, and 1.123.25. Users should upgrade to one of these versions or later to remediate the vulnerability.

## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g
2
reference_url https://github.com/advisories/GHSA-q4fm-pjq6-m63g
reference_id GHSA-q4fm-pjq6-m63g
reference_type
scores
url https://github.com/advisories/GHSA-q4fm-pjq6-m63g
fixed_packages
0
url pkg:npm/n8n@1.123.25
purl pkg:npm/n8n@1.123.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-39dw-4b5k-1bae
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-4crt-c14t-53dq
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-78yr-xz2p-rkff
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-f8r2-7ab1-w3d8
12
vulnerability VCID-krxn-r6bc-cffu
13
vulnerability VCID-nhbw-hcq1-b3em
14
vulnerability VCID-nva1-tjfr-ckb5
15
vulnerability VCID-rq3f-24px-ykfk
16
vulnerability VCID-su1t-s9q1-h7am
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-umut-3bp5-y3eq
19
vulnerability VCID-v4ft-nvxq-cyhy
20
vulnerability VCID-wte4-73wa-53fx
21
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.25
1
url pkg:npm/n8n@2.11.2
purl pkg:npm/n8n@2.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-rq3f-24px-ykfk
12
vulnerability VCID-su1t-s9q1-h7am
13
vulnerability VCID-ty34-7aqe-27gv
14
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.11.2
aliases GHSA-q4fm-pjq6-m63g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r89t-ywcr-kbev
44
url VCID-ra9y-br8w-k7au
vulnerability_id VCID-ra9y-br8w-k7au
summary n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens — resulting in information disclosure of sensitive in-process data. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. In external runner mode, the impact is limited to data within the external runner process. The issue has been fixed in n8n versions 1.123.22, 2.10.1, and 2.9.3. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to isolate the runner process. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27496
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12722
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27496
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27496
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27496
3
reference_url https://docs.n8n.io/hosting/securing/blocking-nodes
reference_id blocking-nodes
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/
url https://docs.n8n.io/hosting/securing/blocking-nodes
4
reference_url https://github.com/advisories/GHSA-xvh5-5qg4-x9qp
reference_id GHSA-xvh5-5qg4-x9qp
reference_type
scores
url https://github.com/advisories/GHSA-xvh5-5qg4-x9qp
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp
reference_id GHSA-xvh5-5qg4-x9qp
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp
6
reference_url https://docs.n8n.io/hosting/configuration/task-runners
reference_id task-runners
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/
url https://docs.n8n.io/hosting/configuration/task-runners
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
2
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases CVE-2026-27496, GHSA-xvh5-5qg4-x9qp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ra9y-br8w-k7au
45
url VCID-rq3f-24px-ykfk
vulnerability_id VCID-rq3f-24px-ykfk
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks "Deny" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42230
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17771
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42230
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42230
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42230
3
reference_url https://github.com/advisories/GHSA-f6x8-65q6-j9m9
reference_id GHSA-f6x8-65q6-j9m9
reference_type
scores
url https://github.com/advisories/GHSA-f6x8-65q6-j9m9
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9
reference_id GHSA-f6x8-65q6-j9m9
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:55:49Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42230, GHSA-f6x8-65q6-j9m9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq3f-24px-ykfk
46
url VCID-s86a-mpj9-dfhg
vulnerability_id VCID-s86a-mpj9-dfhg
summary n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem, potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25056
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45364
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25056
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25056
reference_id CVE-2026-25056
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25056
3
reference_url https://github.com/advisories/GHSA-hv53-3329-vmrm
reference_id GHSA-hv53-3329-vmrm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hv53-3329-vmrm
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm
reference_id GHSA-hv53-3329-vmrm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:17Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm
fixed_packages
0
url pkg:npm/n8n@1.118.0
purl pkg:npm/n8n@1.118.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-63n8-hy1m-3ke5
12
vulnerability VCID-6pzv-3t6r-akeq
13
vulnerability VCID-6xm5-7kq2-xqdm
14
vulnerability VCID-78yr-xz2p-rkff
15
vulnerability VCID-95f5-4xkw-yuae
16
vulnerability VCID-9bcs-wgnz-m3e8
17
vulnerability VCID-b5ba-g4u9-jkgx
18
vulnerability VCID-c232-fvfd-3fda
19
vulnerability VCID-c4s3-zx71-c7h3
20
vulnerability VCID-camv-m2tf-qkac
21
vulnerability VCID-cxss-9g41-gfb7
22
vulnerability VCID-cy8m-aw8f-zkfx
23
vulnerability VCID-cyxm-4jde-myc1
24
vulnerability VCID-d1rq-nmws-w3fy
25
vulnerability VCID-d5bn-f87r-vka1
26
vulnerability VCID-d5s2-xbfd-ukg7
27
vulnerability VCID-d763-b5fk-g3dm
28
vulnerability VCID-d7g4-89n1-y7e7
29
vulnerability VCID-dm6y-ymh9-u3cm
30
vulnerability VCID-e1c6-5sck-8bas
31
vulnerability VCID-f8r2-7ab1-w3d8
32
vulnerability VCID-fuvy-21q8-fyhh
33
vulnerability VCID-g3sy-n7qb-kqat
34
vulnerability VCID-h9zv-wu1v-83ft
35
vulnerability VCID-krxn-r6bc-cffu
36
vulnerability VCID-ktyh-c1au-6yc7
37
vulnerability VCID-nhbw-hcq1-b3em
38
vulnerability VCID-nva1-tjfr-ckb5
39
vulnerability VCID-p2w8-9t9n-7baw
40
vulnerability VCID-qkka-4nty-sqh1
41
vulnerability VCID-qrf6-n324-ybbj
42
vulnerability VCID-r89t-ywcr-kbev
43
vulnerability VCID-ra9y-br8w-k7au
44
vulnerability VCID-rq3f-24px-ykfk
45
vulnerability VCID-s8p4-nts1-2fh2
46
vulnerability VCID-su1t-s9q1-h7am
47
vulnerability VCID-ty34-7aqe-27gv
48
vulnerability VCID-ubn7-w3vz-hqgb
49
vulnerability VCID-umut-3bp5-y3eq
50
vulnerability VCID-v4ft-nvxq-cyhy
51
vulnerability VCID-v6z9-pvhr-k7d2
52
vulnerability VCID-wbd6-q158-8khm
53
vulnerability VCID-wg96-fujy-33db
54
vulnerability VCID-wte4-73wa-53fx
55
vulnerability VCID-x1jy-nk1c-6uak
56
vulnerability VCID-xf7g-p8s2-rqbj
57
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.118.0
1
url pkg:npm/n8n@2.4.0
purl pkg:npm/n8n@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cxss-9g41-gfb7
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d5s2-xbfd-ukg7
18
vulnerability VCID-d763-b5fk-g3dm
19
vulnerability VCID-dm6y-ymh9-u3cm
20
vulnerability VCID-f8r2-7ab1-w3d8
21
vulnerability VCID-g3sy-n7qb-kqat
22
vulnerability VCID-krxn-r6bc-cffu
23
vulnerability VCID-nhbw-hcq1-b3em
24
vulnerability VCID-nva1-tjfr-ckb5
25
vulnerability VCID-p2w8-9t9n-7baw
26
vulnerability VCID-qrf6-n324-ybbj
27
vulnerability VCID-r89t-ywcr-kbev
28
vulnerability VCID-ra9y-br8w-k7au
29
vulnerability VCID-rq3f-24px-ykfk
30
vulnerability VCID-s8p4-nts1-2fh2
31
vulnerability VCID-su1t-s9q1-h7am
32
vulnerability VCID-ty34-7aqe-27gv
33
vulnerability VCID-ubn7-w3vz-hqgb
34
vulnerability VCID-umut-3bp5-y3eq
35
vulnerability VCID-wbd6-q158-8khm
36
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0
aliases CVE-2026-25056, GHSA-hv53-3329-vmrm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s86a-mpj9-dfhg
47
url VCID-s8p4-nts1-2fh2
vulnerability_id VCID-s8p4-nts1-2fh2
summary n8n has an SSO Enforcement Bypass in its Self-Service Settings API
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/commit/a70b2ea379086da3de103bb84811e88cadf29976
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/a70b2ea379086da3de103bb84811e88cadf29976
2
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.8.0
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.8.0
3
reference_url https://github.com/advisories/GHSA-vjf3-2gpj-233v
reference_id GHSA-vjf3-2gpj-233v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vjf3-2gpj-233v
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v
reference_id GHSA-vjf3-2gpj-233v
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v
fixed_packages
0
url pkg:npm/n8n@2.8.0
purl pkg:npm/n8n@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-6xm5-7kq2-xqdm
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-95f5-4xkw-yuae
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-cyxm-4jde-myc1
10
vulnerability VCID-dm6y-ymh9-u3cm
11
vulnerability VCID-f8r2-7ab1-w3d8
12
vulnerability VCID-g3sy-n7qb-kqat
13
vulnerability VCID-krxn-r6bc-cffu
14
vulnerability VCID-nhbw-hcq1-b3em
15
vulnerability VCID-nva1-tjfr-ckb5
16
vulnerability VCID-p2w8-9t9n-7baw
17
vulnerability VCID-qrf6-n324-ybbj
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-ra9y-br8w-k7au
20
vulnerability VCID-rq3f-24px-ykfk
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-ubn7-w3vz-hqgb
24
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.8.0
aliases GHSA-vjf3-2gpj-233v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8p4-nts1-2fh2
48
url VCID-ssr2-5x7e-9uf7
vulnerability_id VCID-ssr2-5x7e-9uf7
summary n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49592
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39294
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49592
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49592
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49592
3
reference_url https://github.com/n8n-io/n8n/pull/16034
reference_id 16034
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/
url https://github.com/n8n-io/n8n/pull/16034
4
reference_url https://github.com/n8n-io/n8n/commit/4865d1e360a0fe7b045e295b5e1a29daad12314e
reference_id 4865d1e360a0fe7b045e295b5e1a29daad12314e
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/
url https://github.com/n8n-io/n8n/commit/4865d1e360a0fe7b045e295b5e1a29daad12314e
5
reference_url https://github.com/advisories/GHSA-5vj6-wjr7-5v9f
reference_id GHSA-5vj6-wjr7-5v9f
reference_type
scores
url https://github.com/advisories/GHSA-5vj6-wjr7-5v9f
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-5vj6-wjr7-5v9f
reference_id GHSA-5vj6-wjr7-5v9f
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-5vj6-wjr7-5v9f
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n%401.98.0
reference_id n8n%401.98.0
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-26T19:56:57Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n%401.98.0
fixed_packages
0
url pkg:npm/n8n@1.98.0
purl pkg:npm/n8n@1.98.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5mhm-99u3-ruec
11
vulnerability VCID-5pjr-smm2-pyav
12
vulnerability VCID-63n8-hy1m-3ke5
13
vulnerability VCID-6pzv-3t6r-akeq
14
vulnerability VCID-6xm5-7kq2-xqdm
15
vulnerability VCID-727u-nmx9-xuf3
16
vulnerability VCID-78yr-xz2p-rkff
17
vulnerability VCID-95f5-4xkw-yuae
18
vulnerability VCID-9bcs-wgnz-m3e8
19
vulnerability VCID-b5ba-g4u9-jkgx
20
vulnerability VCID-c232-fvfd-3fda
21
vulnerability VCID-c4s3-zx71-c7h3
22
vulnerability VCID-camv-m2tf-qkac
23
vulnerability VCID-cxss-9g41-gfb7
24
vulnerability VCID-cy8m-aw8f-zkfx
25
vulnerability VCID-cyxm-4jde-myc1
26
vulnerability VCID-d1rq-nmws-w3fy
27
vulnerability VCID-d5bn-f87r-vka1
28
vulnerability VCID-d5s2-xbfd-ukg7
29
vulnerability VCID-d763-b5fk-g3dm
30
vulnerability VCID-d7g4-89n1-y7e7
31
vulnerability VCID-dm6y-ymh9-u3cm
32
vulnerability VCID-e1c6-5sck-8bas
33
vulnerability VCID-et9c-dh4q-3qcy
34
vulnerability VCID-f8r2-7ab1-w3d8
35
vulnerability VCID-fuvy-21q8-fyhh
36
vulnerability VCID-fy3d-ykem-3fgr
37
vulnerability VCID-g3sy-n7qb-kqat
38
vulnerability VCID-h9zv-wu1v-83ft
39
vulnerability VCID-krxn-r6bc-cffu
40
vulnerability VCID-ktyh-c1au-6yc7
41
vulnerability VCID-kw94-d9qx-3qf9
42
vulnerability VCID-nh3d-mzxr-j7dy
43
vulnerability VCID-nhbw-hcq1-b3em
44
vulnerability VCID-nva1-tjfr-ckb5
45
vulnerability VCID-p2w8-9t9n-7baw
46
vulnerability VCID-qkka-4nty-sqh1
47
vulnerability VCID-qrf6-n324-ybbj
48
vulnerability VCID-r89t-ywcr-kbev
49
vulnerability VCID-ra9y-br8w-k7au
50
vulnerability VCID-rq3f-24px-ykfk
51
vulnerability VCID-s86a-mpj9-dfhg
52
vulnerability VCID-s8p4-nts1-2fh2
53
vulnerability VCID-st8g-2xn4-97b9
54
vulnerability VCID-su1t-s9q1-h7am
55
vulnerability VCID-ty34-7aqe-27gv
56
vulnerability VCID-ubn7-w3vz-hqgb
57
vulnerability VCID-umut-3bp5-y3eq
58
vulnerability VCID-v4ft-nvxq-cyhy
59
vulnerability VCID-v6z9-pvhr-k7d2
60
vulnerability VCID-vht4-48cx-c7gu
61
vulnerability VCID-wbd6-q158-8khm
62
vulnerability VCID-wg96-fujy-33db
63
vulnerability VCID-wte4-73wa-53fx
64
vulnerability VCID-x1jy-nk1c-6uak
65
vulnerability VCID-xf7g-p8s2-rqbj
66
vulnerability VCID-xnnq-fzcn-7fbg
67
vulnerability VCID-xsuv-1w6k-akeu
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.98.0
aliases CVE-2025-49592, GHSA-5vj6-wjr7-5v9f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssr2-5x7e-9uf7
49
url VCID-st8g-2xn4-97b9
vulnerability_id VCID-st8g-2xn4-97b9
summary n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/advisories/GHSA-365g-vjw2-grx8
reference_id GHSA-365g-vjw2-grx8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-365g-vjw2-grx8
2
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-365g-vjw2-grx8
reference_id GHSA-365g-vjw2-grx8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-365g-vjw2-grx8
fixed_packages
0
url pkg:npm/n8n@1.115.0
purl pkg:npm/n8n@1.115.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-63n8-hy1m-3ke5
12
vulnerability VCID-6pzv-3t6r-akeq
13
vulnerability VCID-6xm5-7kq2-xqdm
14
vulnerability VCID-78yr-xz2p-rkff
15
vulnerability VCID-95f5-4xkw-yuae
16
vulnerability VCID-9bcs-wgnz-m3e8
17
vulnerability VCID-b5ba-g4u9-jkgx
18
vulnerability VCID-c232-fvfd-3fda
19
vulnerability VCID-c4s3-zx71-c7h3
20
vulnerability VCID-camv-m2tf-qkac
21
vulnerability VCID-cxss-9g41-gfb7
22
vulnerability VCID-cy8m-aw8f-zkfx
23
vulnerability VCID-cyxm-4jde-myc1
24
vulnerability VCID-d1rq-nmws-w3fy
25
vulnerability VCID-d5bn-f87r-vka1
26
vulnerability VCID-d5s2-xbfd-ukg7
27
vulnerability VCID-d763-b5fk-g3dm
28
vulnerability VCID-d7g4-89n1-y7e7
29
vulnerability VCID-dm6y-ymh9-u3cm
30
vulnerability VCID-e1c6-5sck-8bas
31
vulnerability VCID-f8r2-7ab1-w3d8
32
vulnerability VCID-fuvy-21q8-fyhh
33
vulnerability VCID-g3sy-n7qb-kqat
34
vulnerability VCID-h9zv-wu1v-83ft
35
vulnerability VCID-krxn-r6bc-cffu
36
vulnerability VCID-ktyh-c1au-6yc7
37
vulnerability VCID-nhbw-hcq1-b3em
38
vulnerability VCID-nva1-tjfr-ckb5
39
vulnerability VCID-p2w8-9t9n-7baw
40
vulnerability VCID-qkka-4nty-sqh1
41
vulnerability VCID-qrf6-n324-ybbj
42
vulnerability VCID-r89t-ywcr-kbev
43
vulnerability VCID-ra9y-br8w-k7au
44
vulnerability VCID-rq3f-24px-ykfk
45
vulnerability VCID-s86a-mpj9-dfhg
46
vulnerability VCID-s8p4-nts1-2fh2
47
vulnerability VCID-su1t-s9q1-h7am
48
vulnerability VCID-ty34-7aqe-27gv
49
vulnerability VCID-ubn7-w3vz-hqgb
50
vulnerability VCID-umut-3bp5-y3eq
51
vulnerability VCID-v4ft-nvxq-cyhy
52
vulnerability VCID-v6z9-pvhr-k7d2
53
vulnerability VCID-wbd6-q158-8khm
54
vulnerability VCID-wg96-fujy-33db
55
vulnerability VCID-wte4-73wa-53fx
56
vulnerability VCID-x1jy-nk1c-6uak
57
vulnerability VCID-xf7g-p8s2-rqbj
58
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.115.0
aliases GHSA-365g-vjw2-grx8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-st8g-2xn4-97b9
50
url VCID-su1t-s9q1-h7am
vulnerability_id VCID-su1t-s9q1-h7am
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42229
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19896
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42229
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42229
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42229
3
reference_url https://github.com/advisories/GHSA-mp4j-h6gh-f6mp
reference_id GHSA-mp4j-h6gh-f6mp
reference_type
scores
url https://github.com/advisories/GHSA-mp4j-h6gh-f6mp
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp
reference_id GHSA-mp4j-h6gh-f6mp
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T15:00:08Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42229, GHSA-mp4j-h6gh-f6mp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su1t-s9q1-h7am
51
url VCID-ty34-7aqe-27gv
vulnerability_id VCID-ty34-7aqe-27gv
summary n8n has XSS in Chat Trigger Node through Custom CSS
## Impact
An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the `sanitize-html` library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected.

## Patches
The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the Chat Trigger node by adding `@n8n/n8n-nodes-langchain.chatTrigger` to the `NODES_EXCLUDE` environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279
2
reference_url https://github.com/advisories/GHSA-3c7f-5hgj-h279
reference_id GHSA-3c7f-5hgj-h279
reference_type
scores
url https://github.com/advisories/GHSA-3c7f-5hgj-h279
fixed_packages
0
url pkg:npm/n8n@1.123.27
purl pkg:npm/n8n@1.123.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-39dw-4b5k-1bae
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-4crt-c14t-53dq
5
vulnerability VCID-krxn-r6bc-cffu
6
vulnerability VCID-nhbw-hcq1-b3em
7
vulnerability VCID-nva1-tjfr-ckb5
8
vulnerability VCID-rq3f-24px-ykfk
9
vulnerability VCID-su1t-s9q1-h7am
10
vulnerability VCID-v4ft-nvxq-cyhy
11
vulnerability VCID-wte4-73wa-53fx
12
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.27
1
url pkg:npm/n8n@2.13.3
purl pkg:npm/n8n@2.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3
2
url pkg:npm/n8n@2.14.1
purl pkg:npm/n8n@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1
aliases GHSA-3c7f-5hgj-h279
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty34-7aqe-27gv
52
url VCID-ubn7-w3vz-hqgb
vulnerability_id VCID-ubn7-w3vz-hqgb
summary n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: limit workflow creation and editing permissions to fully trusted users only, and/or disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27494
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25578
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27494
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27494
reference_id CVE-2026-27494
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27494
3
reference_url https://github.com/advisories/GHSA-mmgg-m5j7-f83h
reference_id GHSA-mmgg-m5j7-f83h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmgg-m5j7-f83h
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h
reference_id GHSA-mmgg-m5j7-f83h
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h
5
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
reference_id n8n@1.123.22
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22
6
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
reference_id n8n@2.10.1
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
reference_id n8n@2.9.3
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3
fixed_packages
0
url pkg:npm/n8n@1.123.22
purl pkg:npm/n8n@1.123.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-78yr-xz2p-rkff
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cyxm-4jde-myc1
12
vulnerability VCID-d5bn-f87r-vka1
13
vulnerability VCID-d763-b5fk-g3dm
14
vulnerability VCID-f8r2-7ab1-w3d8
15
vulnerability VCID-krxn-r6bc-cffu
16
vulnerability VCID-nhbw-hcq1-b3em
17
vulnerability VCID-nva1-tjfr-ckb5
18
vulnerability VCID-r89t-ywcr-kbev
19
vulnerability VCID-rq3f-24px-ykfk
20
vulnerability VCID-s8p4-nts1-2fh2
21
vulnerability VCID-su1t-s9q1-h7am
22
vulnerability VCID-ty34-7aqe-27gv
23
vulnerability VCID-umut-3bp5-y3eq
24
vulnerability VCID-v4ft-nvxq-cyhy
25
vulnerability VCID-wg96-fujy-33db
26
vulnerability VCID-wte4-73wa-53fx
27
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.22
1
url pkg:npm/n8n@2.0.0-rc.0
purl pkg:npm/n8n@2.0.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18zg-q45k-d3f3
1
vulnerability VCID-1rt1-y3w9-skc7
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-3p4c-nkcn-hkey
4
vulnerability VCID-5fsf-m3s8-pfg2
5
vulnerability VCID-6pzv-3t6r-akeq
6
vulnerability VCID-78yr-xz2p-rkff
7
vulnerability VCID-camv-m2tf-qkac
8
vulnerability VCID-cyxm-4jde-myc1
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-e1c6-5sck-8bas
12
vulnerability VCID-f8r2-7ab1-w3d8
13
vulnerability VCID-h9zv-wu1v-83ft
14
vulnerability VCID-r89t-ywcr-kbev
15
vulnerability VCID-ra9y-br8w-k7au
16
vulnerability VCID-s8p4-nts1-2fh2
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-umut-3bp5-y3eq
19
vulnerability VCID-v6z9-pvhr-k7d2
20
vulnerability VCID-wbd6-q158-8khm
21
vulnerability VCID-wg96-fujy-33db
22
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.0.0-rc.0
2
url pkg:npm/n8n@2.9.3
purl pkg:npm/n8n@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-cyxm-4jde-myc1
8
vulnerability VCID-f8r2-7ab1-w3d8
9
vulnerability VCID-krxn-r6bc-cffu
10
vulnerability VCID-nhbw-hcq1-b3em
11
vulnerability VCID-nva1-tjfr-ckb5
12
vulnerability VCID-r89t-ywcr-kbev
13
vulnerability VCID-rq3f-24px-ykfk
14
vulnerability VCID-su1t-s9q1-h7am
15
vulnerability VCID-ty34-7aqe-27gv
16
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3
3
url pkg:npm/n8n@2.10.1
purl pkg:npm/n8n@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-2kxv-vwc7-3ubf
3
vulnerability VCID-456j-q8xt-57e3
4
vulnerability VCID-6pzv-3t6r-akeq
5
vulnerability VCID-78yr-xz2p-rkff
6
vulnerability VCID-camv-m2tf-qkac
7
vulnerability VCID-f8r2-7ab1-w3d8
8
vulnerability VCID-krxn-r6bc-cffu
9
vulnerability VCID-nhbw-hcq1-b3em
10
vulnerability VCID-nva1-tjfr-ckb5
11
vulnerability VCID-r89t-ywcr-kbev
12
vulnerability VCID-rq3f-24px-ykfk
13
vulnerability VCID-su1t-s9q1-h7am
14
vulnerability VCID-ty34-7aqe-27gv
15
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1
aliases CVE-2026-27494, GHSA-mmgg-m5j7-f83h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubn7-w3vz-hqgb
53
url VCID-umut-3bp5-y3eq
vulnerability_id VCID-umut-3bp5-y3eq
summary n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On the default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement execution is possible, enabling data modification and deletion. The issue has been fixed in n8n versions 1.123.26, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: limit workflow creation and editing permissions to fully trusted users only, disable the Data Table node by adding `n8n-nodes-base.dataTable` to the `NODES_EXCLUDE` environment variable, and/or review existing workflows for Data Table Get nodes where `orderByColumn` is set to an expression that incorporates external or user-supplied input. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33713
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06746
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33713
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33713
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33713
3
reference_url https://github.com/advisories/GHSA-98c2-4cr3-4jc3
reference_id GHSA-98c2-4cr3-4jc3
reference_type
scores
url https://github.com/advisories/GHSA-98c2-4cr3-4jc3
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3
reference_id GHSA-98c2-4cr3-4jc3
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T17:58:32Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3
fixed_packages
0
url pkg:npm/n8n@1.123.26
purl pkg:npm/n8n@1.123.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-39dw-4b5k-1bae
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-4crt-c14t-53dq
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-78yr-xz2p-rkff
8
vulnerability VCID-camv-m2tf-qkac
9
vulnerability VCID-d5bn-f87r-vka1
10
vulnerability VCID-d763-b5fk-g3dm
11
vulnerability VCID-f8r2-7ab1-w3d8
12
vulnerability VCID-krxn-r6bc-cffu
13
vulnerability VCID-nhbw-hcq1-b3em
14
vulnerability VCID-nva1-tjfr-ckb5
15
vulnerability VCID-rq3f-24px-ykfk
16
vulnerability VCID-su1t-s9q1-h7am
17
vulnerability VCID-ty34-7aqe-27gv
18
vulnerability VCID-v4ft-nvxq-cyhy
19
vulnerability VCID-wte4-73wa-53fx
20
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.26
1
url pkg:npm/n8n@2.13.3
purl pkg:npm/n8n@2.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3
2
url pkg:npm/n8n@2.14.1
purl pkg:npm/n8n@2.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-456j-q8xt-57e3
2
vulnerability VCID-krxn-r6bc-cffu
3
vulnerability VCID-nhbw-hcq1-b3em
4
vulnerability VCID-nva1-tjfr-ckb5
5
vulnerability VCID-rq3f-24px-ykfk
6
vulnerability VCID-su1t-s9q1-h7am
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1
aliases CVE-2026-33713, GHSA-98c2-4cr3-4jc3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umut-3bp5-y3eq
54
url VCID-v4ft-nvxq-cyhy
vulnerability_id VCID-v4ft-nvxq-cyhy
summary n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply a foreign credential ID in the request body, causing the backend to decrypt and use that credential in a helper execution path where the caller also controls the destination URL. This allowed the caller to force the backend to authenticate against attacker-controlled infrastructure using a credential belonging to another user, effectively exfiltrating a reusable API key. The issue is not limited to any single node type; any node that resolves credentials dynamically through these endpoints may be affected. This issue has been patched in versions 1.123.33, 2.17.5, and 2.18.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42226
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20183
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42226
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42226
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42226
3
reference_url https://github.com/advisories/GHSA-r4v6-9fqc-w5jr
reference_id GHSA-r4v6-9fqc-w5jr
reference_type
scores
url https://github.com/advisories/GHSA-r4v6-9fqc-w5jr
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-r4v6-9fqc-w5jr
reference_id GHSA-r4v6-9fqc-w5jr
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:41:42Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-r4v6-9fqc-w5jr
fixed_packages
0
url pkg:npm/n8n@1.123.33
purl pkg:npm/n8n@1.123.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.33
1
url pkg:npm/n8n@2.17.5
purl pkg:npm/n8n@2.17.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.5
aliases CVE-2026-42226, GHSA-r4v6-9fqc-w5jr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4ft-nvxq-cyhy
55
url VCID-v6z9-pvhr-k7d2
vulnerability_id VCID-v6z9-pvhr-k7d2
summary n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event type, causing the workflow to execute as if a legitimate Stripe event had been received. This issue affects n8n users who have active workflows using the Stripe Trigger node. An attacker could potentially fake payment or subscription events and influence downstream workflow behavior. The practical risk is reduced by the fact that the webhook URL contains a high-entropy UUID; however, authenticated n8n users with access to the workflow can view this webhook ID. This issue has been patched in version 2.2.2. A temporary workaround for this issue involves users deactivating affected workflows or restricting access to workflows containing Stripe Trigger nodes to trusted users only.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21894
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.0662
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21894
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/pull/22764
reference_id 22764
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:42:25Z/
url https://github.com/n8n-io/n8n/pull/22764
3
reference_url https://github.com/n8n-io/n8n/commit/a61a5991093c41863506888336e808ac1eff8d59
reference_id a61a5991093c41863506888336e808ac1eff8d59
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:42:25Z/
url https://github.com/n8n-io/n8n/commit/a61a5991093c41863506888336e808ac1eff8d59
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21894
reference_id CVE-2026-21894
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21894
5
reference_url https://github.com/advisories/GHSA-jf52-3f2h-h9j5
reference_id GHSA-jf52-3f2h-h9j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jf52-3f2h-h9j5
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-jf52-3f2h-h9j5
reference_id GHSA-jf52-3f2h-h9j5
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:42:25Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-jf52-3f2h-h9j5
fixed_packages
0
url pkg:npm/n8n@2.2.2
purl pkg:npm/n8n@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cxss-9g41-gfb7
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d5s2-xbfd-ukg7
18
vulnerability VCID-d763-b5fk-g3dm
19
vulnerability VCID-dm6y-ymh9-u3cm
20
vulnerability VCID-f8r2-7ab1-w3d8
21
vulnerability VCID-g3sy-n7qb-kqat
22
vulnerability VCID-krxn-r6bc-cffu
23
vulnerability VCID-ktyh-c1au-6yc7
24
vulnerability VCID-nhbw-hcq1-b3em
25
vulnerability VCID-nva1-tjfr-ckb5
26
vulnerability VCID-p2w8-9t9n-7baw
27
vulnerability VCID-qrf6-n324-ybbj
28
vulnerability VCID-r89t-ywcr-kbev
29
vulnerability VCID-ra9y-br8w-k7au
30
vulnerability VCID-rq3f-24px-ykfk
31
vulnerability VCID-s86a-mpj9-dfhg
32
vulnerability VCID-s8p4-nts1-2fh2
33
vulnerability VCID-su1t-s9q1-h7am
34
vulnerability VCID-ty34-7aqe-27gv
35
vulnerability VCID-ubn7-w3vz-hqgb
36
vulnerability VCID-umut-3bp5-y3eq
37
vulnerability VCID-wbd6-q158-8khm
38
vulnerability VCID-wg96-fujy-33db
39
vulnerability VCID-xf7g-p8s2-rqbj
40
vulnerability VCID-xnnq-fzcn-7fbg
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.2.2
aliases CVE-2026-21894, GHSA-jf52-3f2h-h9j5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6z9-pvhr-k7d2
56
url VCID-vht4-48cx-c7gu
vulnerability_id VCID-vht4-48cx-c7gu
summary n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52554
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.56059
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52554
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52554
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52554
3
reference_url https://github.com/n8n-io/n8n/pull/16405
reference_id 16405
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H
2
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/
url https://github.com/n8n-io/n8n/pull/16405
4
reference_url https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1
reference_id ca2f90c7fbaa1d661ade2f45d587d9469bc287e1
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/
url https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1
5
reference_url https://github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a
reference_id e5edc60e344924230baafb11fa1f0af788e9ca9a
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/
url https://github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a
6
reference_url https://github.com/advisories/GHSA-gq57-v332-7666
reference_id GHSA-gq57-v332-7666
reference_type
scores
url https://github.com/advisories/GHSA-gq57-v332-7666
7
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666
reference_id GHSA-gq57-v332-7666
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H
2
value 4.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-03T20:18:06Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666
fixed_packages
0
url pkg:npm/n8n@1.99.1
purl pkg:npm/n8n@1.99.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5mhm-99u3-ruec
11
vulnerability VCID-5pjr-smm2-pyav
12
vulnerability VCID-63n8-hy1m-3ke5
13
vulnerability VCID-6pzv-3t6r-akeq
14
vulnerability VCID-6xm5-7kq2-xqdm
15
vulnerability VCID-78yr-xz2p-rkff
16
vulnerability VCID-95f5-4xkw-yuae
17
vulnerability VCID-9bcs-wgnz-m3e8
18
vulnerability VCID-b5ba-g4u9-jkgx
19
vulnerability VCID-c232-fvfd-3fda
20
vulnerability VCID-c4s3-zx71-c7h3
21
vulnerability VCID-camv-m2tf-qkac
22
vulnerability VCID-cxss-9g41-gfb7
23
vulnerability VCID-cy8m-aw8f-zkfx
24
vulnerability VCID-cyxm-4jde-myc1
25
vulnerability VCID-d1rq-nmws-w3fy
26
vulnerability VCID-d5bn-f87r-vka1
27
vulnerability VCID-d5s2-xbfd-ukg7
28
vulnerability VCID-d763-b5fk-g3dm
29
vulnerability VCID-d7g4-89n1-y7e7
30
vulnerability VCID-dm6y-ymh9-u3cm
31
vulnerability VCID-e1c6-5sck-8bas
32
vulnerability VCID-et9c-dh4q-3qcy
33
vulnerability VCID-f8r2-7ab1-w3d8
34
vulnerability VCID-fuvy-21q8-fyhh
35
vulnerability VCID-g3sy-n7qb-kqat
36
vulnerability VCID-h9zv-wu1v-83ft
37
vulnerability VCID-krxn-r6bc-cffu
38
vulnerability VCID-ktyh-c1au-6yc7
39
vulnerability VCID-kw94-d9qx-3qf9
40
vulnerability VCID-nh3d-mzxr-j7dy
41
vulnerability VCID-nhbw-hcq1-b3em
42
vulnerability VCID-nva1-tjfr-ckb5
43
vulnerability VCID-p2w8-9t9n-7baw
44
vulnerability VCID-qkka-4nty-sqh1
45
vulnerability VCID-qrf6-n324-ybbj
46
vulnerability VCID-r89t-ywcr-kbev
47
vulnerability VCID-ra9y-br8w-k7au
48
vulnerability VCID-rq3f-24px-ykfk
49
vulnerability VCID-s86a-mpj9-dfhg
50
vulnerability VCID-s8p4-nts1-2fh2
51
vulnerability VCID-st8g-2xn4-97b9
52
vulnerability VCID-su1t-s9q1-h7am
53
vulnerability VCID-ty34-7aqe-27gv
54
vulnerability VCID-ubn7-w3vz-hqgb
55
vulnerability VCID-umut-3bp5-y3eq
56
vulnerability VCID-v4ft-nvxq-cyhy
57
vulnerability VCID-v6z9-pvhr-k7d2
58
vulnerability VCID-wbd6-q158-8khm
59
vulnerability VCID-wg96-fujy-33db
60
vulnerability VCID-wte4-73wa-53fx
61
vulnerability VCID-x1jy-nk1c-6uak
62
vulnerability VCID-xf7g-p8s2-rqbj
63
vulnerability VCID-xnnq-fzcn-7fbg
64
vulnerability VCID-xsuv-1w6k-akeu
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.99.1
aliases CVE-2025-52554, GHSA-gq57-v332-7666
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vht4-48cx-c7gu
57
url VCID-wbd6-q158-8khm
vulnerability_id VCID-wbd6-q158-8khm
summary n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25115
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.2267
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25115
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://github.com/n8n-io/n8n/commit/8607d372f78c388bb3691d9d5b52af7259ec7b1f
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/8607d372f78c388bb3691d9d5b52af7259ec7b1f
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25115
reference_id CVE-2026-25115
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25115
4
reference_url https://github.com/advisories/GHSA-8398-gmmx-564h
reference_id GHSA-8398-gmmx-564h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8398-gmmx-564h
5
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h
reference_id GHSA-8398-gmmx-564h
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-05T14:23:16Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h
fixed_packages
0
url pkg:npm/n8n@2.4.8
purl pkg:npm/n8n@2.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cyxm-4jde-myc1
14
vulnerability VCID-d1rq-nmws-w3fy
15
vulnerability VCID-d5bn-f87r-vka1
16
vulnerability VCID-d5s2-xbfd-ukg7
17
vulnerability VCID-d763-b5fk-g3dm
18
vulnerability VCID-dm6y-ymh9-u3cm
19
vulnerability VCID-f8r2-7ab1-w3d8
20
vulnerability VCID-g3sy-n7qb-kqat
21
vulnerability VCID-krxn-r6bc-cffu
22
vulnerability VCID-nhbw-hcq1-b3em
23
vulnerability VCID-nva1-tjfr-ckb5
24
vulnerability VCID-p2w8-9t9n-7baw
25
vulnerability VCID-qrf6-n324-ybbj
26
vulnerability VCID-r89t-ywcr-kbev
27
vulnerability VCID-ra9y-br8w-k7au
28
vulnerability VCID-rq3f-24px-ykfk
29
vulnerability VCID-s8p4-nts1-2fh2
30
vulnerability VCID-su1t-s9q1-h7am
31
vulnerability VCID-ty34-7aqe-27gv
32
vulnerability VCID-ubn7-w3vz-hqgb
33
vulnerability VCID-umut-3bp5-y3eq
34
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.8
aliases CVE-2026-25115, GHSA-8398-gmmx-564h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbd6-q158-8khm
58
url VCID-wg96-fujy-33db
vulnerability_id VCID-wg96-fujy-33db
summary n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/commit/f73fae6fe7fc34907bba102648a9997186aa4385
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/f73fae6fe7fc34907bba102648a9997186aa4385
2
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n%402.4.0
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/releases/tag/n8n%402.4.0
3
reference_url https://github.com/advisories/GHSA-f3f2-mcxc-pwjx
reference_id GHSA-f3f2-mcxc-pwjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3f2-mcxc-pwjx
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx
reference_id GHSA-f3f2-mcxc-pwjx
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx
fixed_packages
0
url pkg:npm/n8n@2.4.0
purl pkg:npm/n8n@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cxss-9g41-gfb7
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d5s2-xbfd-ukg7
18
vulnerability VCID-d763-b5fk-g3dm
19
vulnerability VCID-dm6y-ymh9-u3cm
20
vulnerability VCID-f8r2-7ab1-w3d8
21
vulnerability VCID-g3sy-n7qb-kqat
22
vulnerability VCID-krxn-r6bc-cffu
23
vulnerability VCID-nhbw-hcq1-b3em
24
vulnerability VCID-nva1-tjfr-ckb5
25
vulnerability VCID-p2w8-9t9n-7baw
26
vulnerability VCID-qrf6-n324-ybbj
27
vulnerability VCID-r89t-ywcr-kbev
28
vulnerability VCID-ra9y-br8w-k7au
29
vulnerability VCID-rq3f-24px-ykfk
30
vulnerability VCID-s8p4-nts1-2fh2
31
vulnerability VCID-su1t-s9q1-h7am
32
vulnerability VCID-ty34-7aqe-27gv
33
vulnerability VCID-ubn7-w3vz-hqgb
34
vulnerability VCID-umut-3bp5-y3eq
35
vulnerability VCID-wbd6-q158-8khm
36
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0
aliases GHSA-f3f2-mcxc-pwjx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg96-fujy-33db
59
url VCID-wte4-73wa-53fx
vulnerability_id VCID-wte4-73wa-53fx
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42234
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26427
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42234
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42234
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42234
3
reference_url https://github.com/advisories/GHSA-44v6-jhgm-p3m4
reference_id GHSA-44v6-jhgm-p3m4
reference_type
scores
url https://github.com/advisories/GHSA-44v6-jhgm-p3m4
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-44v6-jhgm-p3m4
reference_id GHSA-44v6-jhgm-p3m4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T03:56:38Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-44v6-jhgm-p3m4
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42234, GHSA-44v6-jhgm-p3m4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wte4-73wa-53fx
60
url VCID-x1jy-nk1c-6uak
vulnerability_id VCID-x1jy-nk1c-6uak
summary n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42231
reference_id
reference_type
scores
0
value 0.00471
scoring_system epss
scoring_elements 0.65062
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42231
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42231
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42231
3
reference_url https://github.com/advisories/GHSA-q5f4-99jv-pgg5
reference_id GHSA-q5f4-99jv-pgg5
reference_type
scores
url https://github.com/advisories/GHSA-q5f4-99jv-pgg5
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5
reference_id GHSA-q5f4-99jv-pgg5
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-04T20:17:57Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5
fixed_packages
0
url pkg:npm/n8n@1.123.32
purl pkg:npm/n8n@1.123.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.32
1
url pkg:npm/n8n@2.17.4
purl pkg:npm/n8n@2.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4ft-nvxq-cyhy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4
2
url pkg:npm/n8n@2.18.1
purl pkg:npm/n8n@2.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1
aliases CVE-2026-42231, GHSA-q5f4-99jv-pgg5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1jy-nk1c-6uak
61
url VCID-x83e-tmz3-rqd8
vulnerability_id VCID-x83e-tmz3-rqd8
summary n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allows the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could send a request to change the user’s email address in their account settings, effectively enabling account takeover. This issue has been patched in version 1.90.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46343
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54525
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46343
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46343
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46343
3
reference_url https://github.com/n8n-io/n8n/pull/14350
reference_id 14350
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/
url https://github.com/n8n-io/n8n/pull/14350
4
reference_url https://github.com/n8n-io/n8n/pull/14685
reference_id 14685
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/
url https://github.com/n8n-io/n8n/pull/14685
5
reference_url https://github.com/advisories/GHSA-c8hm-hr8h-5xjw
reference_id GHSA-c8hm-hr8h-5xjw
reference_type
scores
url https://github.com/advisories/GHSA-c8hm-hr8h-5xjw
6
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-c8hm-hr8h-5xjw
reference_id GHSA-c8hm-hr8h-5xjw
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-c8hm-hr8h-5xjw
7
reference_url https://github.com/n8n-io/n8n/releases/tag/n8n%401.90.0
reference_id n8n%401.90.0
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:34:53Z/
url https://github.com/n8n-io/n8n/releases/tag/n8n%401.90.0
fixed_packages
0
url pkg:npm/n8n@1.90.0
purl pkg:npm/n8n@1.90.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5mhm-99u3-ruec
11
vulnerability VCID-5pjr-smm2-pyav
12
vulnerability VCID-63n8-hy1m-3ke5
13
vulnerability VCID-6pzv-3t6r-akeq
14
vulnerability VCID-6xm5-7kq2-xqdm
15
vulnerability VCID-727u-nmx9-xuf3
16
vulnerability VCID-78yr-xz2p-rkff
17
vulnerability VCID-95f5-4xkw-yuae
18
vulnerability VCID-9bcs-wgnz-m3e8
19
vulnerability VCID-b5ba-g4u9-jkgx
20
vulnerability VCID-c232-fvfd-3fda
21
vulnerability VCID-c4s3-zx71-c7h3
22
vulnerability VCID-camv-m2tf-qkac
23
vulnerability VCID-cxss-9g41-gfb7
24
vulnerability VCID-cy8m-aw8f-zkfx
25
vulnerability VCID-cyxm-4jde-myc1
26
vulnerability VCID-d1rq-nmws-w3fy
27
vulnerability VCID-d5bn-f87r-vka1
28
vulnerability VCID-d5s2-xbfd-ukg7
29
vulnerability VCID-d763-b5fk-g3dm
30
vulnerability VCID-d7g4-89n1-y7e7
31
vulnerability VCID-dm6y-ymh9-u3cm
32
vulnerability VCID-e1c6-5sck-8bas
33
vulnerability VCID-et9c-dh4q-3qcy
34
vulnerability VCID-f8r2-7ab1-w3d8
35
vulnerability VCID-fuvy-21q8-fyhh
36
vulnerability VCID-fy3d-ykem-3fgr
37
vulnerability VCID-g3sy-n7qb-kqat
38
vulnerability VCID-h9zv-wu1v-83ft
39
vulnerability VCID-krxn-r6bc-cffu
40
vulnerability VCID-ktyh-c1au-6yc7
41
vulnerability VCID-kw94-d9qx-3qf9
42
vulnerability VCID-nh3d-mzxr-j7dy
43
vulnerability VCID-nhbw-hcq1-b3em
44
vulnerability VCID-nva1-tjfr-ckb5
45
vulnerability VCID-p2w8-9t9n-7baw
46
vulnerability VCID-qkka-4nty-sqh1
47
vulnerability VCID-qrf6-n324-ybbj
48
vulnerability VCID-r89t-ywcr-kbev
49
vulnerability VCID-ra9y-br8w-k7au
50
vulnerability VCID-rq3f-24px-ykfk
51
vulnerability VCID-s86a-mpj9-dfhg
52
vulnerability VCID-s8p4-nts1-2fh2
53
vulnerability VCID-ssr2-5x7e-9uf7
54
vulnerability VCID-st8g-2xn4-97b9
55
vulnerability VCID-su1t-s9q1-h7am
56
vulnerability VCID-ty34-7aqe-27gv
57
vulnerability VCID-ubn7-w3vz-hqgb
58
vulnerability VCID-umut-3bp5-y3eq
59
vulnerability VCID-v4ft-nvxq-cyhy
60
vulnerability VCID-v6z9-pvhr-k7d2
61
vulnerability VCID-vht4-48cx-c7gu
62
vulnerability VCID-wbd6-q158-8khm
63
vulnerability VCID-wg96-fujy-33db
64
vulnerability VCID-wte4-73wa-53fx
65
vulnerability VCID-x1jy-nk1c-6uak
66
vulnerability VCID-xf7g-p8s2-rqbj
67
vulnerability VCID-xnnq-fzcn-7fbg
68
vulnerability VCID-xsuv-1w6k-akeu
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.90.0
aliases CVE-2025-46343, GHSA-c8hm-hr8h-5xjw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x83e-tmz3-rqd8
62
url VCID-xf7g-p8s2-rqbj
vulnerability_id VCID-xf7g-p8s2-rqbj
summary n8n: Webhook Forgery on GitHub Webhook Trigger
references
0
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
1
reference_url https://github.com/n8n-io/n8n/commit/a19347a6bc9a96d5065ac77d25a811e46178c578
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/a19347a6bc9a96d5065ac77d25a811e46178c578
2
reference_url https://github.com/n8n-io/n8n/commit/afe322325502f448b33bff1db1575e4447c28a36
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/commit/afe322325502f448b33bff1db1575e4447c28a36
3
reference_url https://github.com/advisories/GHSA-mqpr-49jj-32rc
reference_id GHSA-mqpr-49jj-32rc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqpr-49jj-32rc
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-mqpr-49jj-32rc
reference_id GHSA-mqpr-49jj-32rc
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n/security/advisories/GHSA-mqpr-49jj-32rc
fixed_packages
0
url pkg:npm/n8n@1.123.15
purl pkg:npm/n8n@1.123.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-456j-q8xt-57e3
6
vulnerability VCID-4crt-c14t-53dq
7
vulnerability VCID-5fsf-m3s8-pfg2
8
vulnerability VCID-6pzv-3t6r-akeq
9
vulnerability VCID-6xm5-7kq2-xqdm
10
vulnerability VCID-78yr-xz2p-rkff
11
vulnerability VCID-95f5-4xkw-yuae
12
vulnerability VCID-9bcs-wgnz-m3e8
13
vulnerability VCID-camv-m2tf-qkac
14
vulnerability VCID-cxss-9g41-gfb7
15
vulnerability VCID-cyxm-4jde-myc1
16
vulnerability VCID-d1rq-nmws-w3fy
17
vulnerability VCID-d5bn-f87r-vka1
18
vulnerability VCID-d5s2-xbfd-ukg7
19
vulnerability VCID-d763-b5fk-g3dm
20
vulnerability VCID-dm6y-ymh9-u3cm
21
vulnerability VCID-f8r2-7ab1-w3d8
22
vulnerability VCID-g3sy-n7qb-kqat
23
vulnerability VCID-krxn-r6bc-cffu
24
vulnerability VCID-nhbw-hcq1-b3em
25
vulnerability VCID-nva1-tjfr-ckb5
26
vulnerability VCID-p2w8-9t9n-7baw
27
vulnerability VCID-qrf6-n324-ybbj
28
vulnerability VCID-r89t-ywcr-kbev
29
vulnerability VCID-ra9y-br8w-k7au
30
vulnerability VCID-rq3f-24px-ykfk
31
vulnerability VCID-s8p4-nts1-2fh2
32
vulnerability VCID-su1t-s9q1-h7am
33
vulnerability VCID-ty34-7aqe-27gv
34
vulnerability VCID-ubn7-w3vz-hqgb
35
vulnerability VCID-umut-3bp5-y3eq
36
vulnerability VCID-v4ft-nvxq-cyhy
37
vulnerability VCID-wbd6-q158-8khm
38
vulnerability VCID-wg96-fujy-33db
39
vulnerability VCID-wte4-73wa-53fx
40
vulnerability VCID-x1jy-nk1c-6uak
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.123.15
1
url pkg:npm/n8n@2.5.0
purl pkg:npm/n8n@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-camv-m2tf-qkac
11
vulnerability VCID-cxss-9g41-gfb7
12
vulnerability VCID-cyxm-4jde-myc1
13
vulnerability VCID-d1rq-nmws-w3fy
14
vulnerability VCID-d5bn-f87r-vka1
15
vulnerability VCID-d5s2-xbfd-ukg7
16
vulnerability VCID-dm6y-ymh9-u3cm
17
vulnerability VCID-f8r2-7ab1-w3d8
18
vulnerability VCID-g3sy-n7qb-kqat
19
vulnerability VCID-krxn-r6bc-cffu
20
vulnerability VCID-nhbw-hcq1-b3em
21
vulnerability VCID-nva1-tjfr-ckb5
22
vulnerability VCID-p2w8-9t9n-7baw
23
vulnerability VCID-qrf6-n324-ybbj
24
vulnerability VCID-r89t-ywcr-kbev
25
vulnerability VCID-ra9y-br8w-k7au
26
vulnerability VCID-rq3f-24px-ykfk
27
vulnerability VCID-s8p4-nts1-2fh2
28
vulnerability VCID-su1t-s9q1-h7am
29
vulnerability VCID-ty34-7aqe-27gv
30
vulnerability VCID-ubn7-w3vz-hqgb
31
vulnerability VCID-umut-3bp5-y3eq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.5.0
aliases GHSA-mqpr-49jj-32rc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xf7g-p8s2-rqbj
63
url VCID-xnnq-fzcn-7fbg
vulnerability_id VCID-xnnq-fzcn-7fbg
summary n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email — including an administrator's — and upon login gain full access to that account. The account linkage persisted even if the LDAP email was later reverted, resulting in a permanent account takeover. LDAP authentication must be configured and active (non-default). The issue has been fixed in n8n versions 2.4.0 and 1.121.0. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable LDAP authentication until the instance can be upgraded, restrict LDAP directory permissions so that users cannot modify their own email attributes, and/or audit existing LDAP-linked accounts for unexpected account associations. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33665
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09122
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33665
1
reference_url https://github.com/n8n-io/n8n
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/n8n-io/n8n
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33665
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33665
3
reference_url https://github.com/advisories/GHSA-c545-x2rh-82fc
reference_id GHSA-c545-x2rh-82fc
reference_type
scores
url https://github.com/advisories/GHSA-c545-x2rh-82fc
4
reference_url https://github.com/n8n-io/n8n/security/advisories/GHSA-c545-x2rh-82fc
reference_id GHSA-c545-x2rh-82fc
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-27T14:55:43Z/
url https://github.com/n8n-io/n8n/security/advisories/GHSA-c545-x2rh-82fc
fixed_packages
0
url pkg:npm/n8n@1.121.0
purl pkg:npm/n8n@1.121.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-39dw-4b5k-1bae
5
vulnerability VCID-3p4c-nkcn-hkey
6
vulnerability VCID-456j-q8xt-57e3
7
vulnerability VCID-4crt-c14t-53dq
8
vulnerability VCID-5c7w-mba9-mucn
9
vulnerability VCID-5fsf-m3s8-pfg2
10
vulnerability VCID-5pjr-smm2-pyav
11
vulnerability VCID-6pzv-3t6r-akeq
12
vulnerability VCID-6xm5-7kq2-xqdm
13
vulnerability VCID-78yr-xz2p-rkff
14
vulnerability VCID-95f5-4xkw-yuae
15
vulnerability VCID-9bcs-wgnz-m3e8
16
vulnerability VCID-b5ba-g4u9-jkgx
17
vulnerability VCID-c4s3-zx71-c7h3
18
vulnerability VCID-camv-m2tf-qkac
19
vulnerability VCID-cxss-9g41-gfb7
20
vulnerability VCID-cy8m-aw8f-zkfx
21
vulnerability VCID-cyxm-4jde-myc1
22
vulnerability VCID-d1rq-nmws-w3fy
23
vulnerability VCID-d5bn-f87r-vka1
24
vulnerability VCID-d5s2-xbfd-ukg7
25
vulnerability VCID-d763-b5fk-g3dm
26
vulnerability VCID-dm6y-ymh9-u3cm
27
vulnerability VCID-e1c6-5sck-8bas
28
vulnerability VCID-f8r2-7ab1-w3d8
29
vulnerability VCID-fuvy-21q8-fyhh
30
vulnerability VCID-g3sy-n7qb-kqat
31
vulnerability VCID-h9zv-wu1v-83ft
32
vulnerability VCID-krxn-r6bc-cffu
33
vulnerability VCID-ktyh-c1au-6yc7
34
vulnerability VCID-nhbw-hcq1-b3em
35
vulnerability VCID-nva1-tjfr-ckb5
36
vulnerability VCID-p2w8-9t9n-7baw
37
vulnerability VCID-qrf6-n324-ybbj
38
vulnerability VCID-r89t-ywcr-kbev
39
vulnerability VCID-ra9y-br8w-k7au
40
vulnerability VCID-rq3f-24px-ykfk
41
vulnerability VCID-s8p4-nts1-2fh2
42
vulnerability VCID-su1t-s9q1-h7am
43
vulnerability VCID-ty34-7aqe-27gv
44
vulnerability VCID-ubn7-w3vz-hqgb
45
vulnerability VCID-umut-3bp5-y3eq
46
vulnerability VCID-v4ft-nvxq-cyhy
47
vulnerability VCID-v6z9-pvhr-k7d2
48
vulnerability VCID-wbd6-q158-8khm
49
vulnerability VCID-wg96-fujy-33db
50
vulnerability VCID-wte4-73wa-53fx
51
vulnerability VCID-x1jy-nk1c-6uak
52
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.121.0
1
url pkg:npm/n8n@2.4.0
purl pkg:npm/n8n@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17dc-5ubt-g3e1
1
vulnerability VCID-18zg-q45k-d3f3
2
vulnerability VCID-1rt1-y3w9-skc7
3
vulnerability VCID-2kxv-vwc7-3ubf
4
vulnerability VCID-456j-q8xt-57e3
5
vulnerability VCID-5fsf-m3s8-pfg2
6
vulnerability VCID-6pzv-3t6r-akeq
7
vulnerability VCID-6xm5-7kq2-xqdm
8
vulnerability VCID-78yr-xz2p-rkff
9
vulnerability VCID-95f5-4xkw-yuae
10
vulnerability VCID-9bcs-wgnz-m3e8
11
vulnerability VCID-c4s3-zx71-c7h3
12
vulnerability VCID-camv-m2tf-qkac
13
vulnerability VCID-cxss-9g41-gfb7
14
vulnerability VCID-cyxm-4jde-myc1
15
vulnerability VCID-d1rq-nmws-w3fy
16
vulnerability VCID-d5bn-f87r-vka1
17
vulnerability VCID-d5s2-xbfd-ukg7
18
vulnerability VCID-d763-b5fk-g3dm
19
vulnerability VCID-dm6y-ymh9-u3cm
20
vulnerability VCID-f8r2-7ab1-w3d8
21
vulnerability VCID-g3sy-n7qb-kqat
22
vulnerability VCID-krxn-r6bc-cffu
23
vulnerability VCID-nhbw-hcq1-b3em
24
vulnerability VCID-nva1-tjfr-ckb5
25
vulnerability VCID-p2w8-9t9n-7baw
26
vulnerability VCID-qrf6-n324-ybbj
27
vulnerability VCID-r89t-ywcr-kbev
28
vulnerability VCID-ra9y-br8w-k7au
29
vulnerability VCID-rq3f-24px-ykfk
30
vulnerability VCID-s8p4-nts1-2fh2
31
vulnerability VCID-su1t-s9q1-h7am
32
vulnerability VCID-ty34-7aqe-27gv
33
vulnerability VCID-ubn7-w3vz-hqgb
34
vulnerability VCID-umut-3bp5-y3eq
35
vulnerability VCID-wbd6-q158-8khm
36
vulnerability VCID-xf7g-p8s2-rqbj
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.4.0
aliases CVE-2026-33665, GHSA-c545-x2rh-82fc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnnq-fzcn-7fbg
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/n8n@1.0.4