{"url":"http://public2.vulnerablecode.io/api/packages/950937?format=json","purl":"pkg:npm/n8n@2.8.4","type":"npm","namespace":"","name":"n8n","version":"2.8.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.17.5","latest_non_vulnerable_version":"2.22.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70598?format=json","vulnerability_id":"VCID-17dc-5ubt-g3e1","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against the connected database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42237","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11412","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42237"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42237","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42237"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx","reference_id":"GHSA-f3f2-mcxc-pwjx","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx"},{"reference_url":"https://github.com/advisories/GHSA-hp3c-vfpm-q4f7","reference_id":"GHSA-hp3c-vfpm-q4f7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hp3c-vfpm-q4f7"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7","reference_id":"GHSA-hp3c-vfpm-q4f7","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:17:33Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42237","GHSA-hp3c-vfpm-q4f7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17dc-5ubt-g3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77657?format=json","vulnerability_id":"VCID-18zg-q45k-d3f3","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33751","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05308","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33751"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33751","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33751"},{"reference_url":"https://github.com/advisories/GHSA-w83q-mcmx-mh42","reference_id":"GHSA-w83q-mcmx-mh42","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w83q-mcmx-mh42"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42","reference_id":"GHSA-w83q-mcmx-mh42","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:10:55Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374760?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374759?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33751","GHSA-w83q-mcmx-mh42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18zg-q45k-d3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360207?format=json","vulnerability_id":"VCID-2kxv-vwc7-3ubf","summary":"n8n: Authenticated XSS and Open Redirect via Form Node\n## Impact\nAn authenticated user with permission to create or modify workflows could configure a Form Node with an unsanitized HTML description field or exploit an overly permissive iframe sandbox policy to perform stored cross-site scripting or redirect end users visiting the form to an arbitrary external URL. The vulnerability could be used to facilitate phishing attacks.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.24, 2.10.4 and 2.12.0. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable.\n- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c"},{"reference_url":"https://github.com/advisories/GHSA-w673-8fjw-457c","reference_id":"GHSA-w673-8fjw-457c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w673-8fjw-457c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375282?format=json","purl":"pkg:npm/n8n@2.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/375281?format=json","purl":"pkg:npm/n8n@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.12.0"}],"aliases":["GHSA-w673-8fjw-457c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kxv-vwc7-3ubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70147?format=json","vulnerability_id":"VCID-456j-q8xt-57e3","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the Limit field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42233","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19896","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42233"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42233","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42233"},{"reference_url":"https://github.com/advisories/GHSA-r6jc-mpqw-m755","reference_id":"GHSA-r6jc-mpqw-m755","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r6jc-mpqw-m755"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755","reference_id":"GHSA-r6jc-mpqw-m755","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:55Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42233","GHSA-r6jc-mpqw-m755"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-456j-q8xt-57e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77730?format=json","vulnerability_id":"VCID-6pzv-3t6r-akeq","summary":"n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33696","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43526","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33696"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33696","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33696"},{"reference_url":"https://github.com/advisories/GHSA-mxrg-77hm-89hv","reference_id":"GHSA-mxrg-77hm-89hv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mxrg-77hm-89hv"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv","reference_id":"GHSA-mxrg-77hm-89hv","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T20:08:10Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374760?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374759?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33696","GHSA-mxrg-77hm-89hv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pzv-3t6r-akeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212672?format=json","vulnerability_id":"VCID-6xm5-7kq2-xqdm","summary":"n8n has an Authentication Bypass in its Chat Trigger Node","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a"},{"reference_url":"https://github.com/advisories/GHSA-jh8h-6c9q-7gmw","reference_id":"GHSA-jh8h-6c9q-7gmw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh8h-6c9q-7gmw"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw","reference_id":"GHSA-jh8h-6c9q-7gmw","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["GHSA-jh8h-6c9q-7gmw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xm5-7kq2-xqdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78102?format=json","vulnerability_id":"VCID-78yr-xz2p-rkff","summary":"n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's \"Combine by SQL\" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33660","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23658","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33660"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33660","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33660"},{"reference_url":"https://github.com/advisories/GHSA-58qr-rcgv-642v","reference_id":"GHSA-58qr-rcgv-642v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-58qr-rcgv-642v"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v","reference_id":"GHSA-58qr-rcgv-642v","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-28T01:26:07Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374760?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374759?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33660","GHSA-58qr-rcgv-642v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78yr-xz2p-rkff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212662?format=json","vulnerability_id":"VCID-95f5-4xkw-yuae","summary":"n8n Vulnerable to Stored XSS via Various Nodes","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27578","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09942","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27578"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27578","reference_id":"CVE-2026-27578","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27578"},{"reference_url":"https://github.com/advisories/GHSA-2p9h-rqjw-gm92","reference_id":"GHSA-2p9h-rqjw-gm92","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p9h-rqjw-gm92"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92","reference_id":"GHSA-2p9h-rqjw-gm92","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27578","GHSA-2p9h-rqjw-gm92"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95f5-4xkw-yuae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77941?format=json","vulnerability_id":"VCID-camv-m2tf-qkac","summary":"n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) belonging to other users on the same instance. The attack abuses a name-based credential resolution path that does not enforce ownership or project scope, combined with a bypass in the credentials permission checker that causes generic HTTP credential types to be skipped during pre-execution validation. Together, these flaws allow a member-role user to resolve another user's credential ID and execute a workflow that decrypts and uses that credential without authorization. Native integration credential types (e.g. `slackApi`, `openAiApi`, `postgres`) are not affected by this issue. This vulnerability affects Community Edition only. Enterprise Edition has additional permission gates on workflow creation and execution that independently block this attack chain. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Restrict instance access to fully trusted users only, and/or audit credentials stored on the instance and rotate any generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) that may have been exposed. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33663","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06425","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33663"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33663","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33663"},{"reference_url":"https://github.com/advisories/GHSA-m63j-689w-3j35","reference_id":"GHSA-m63j-689w-3j35","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m63j-689w-3j35"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35","reference_id":"GHSA-m63j-689w-3j35","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:51:35Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374760?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374759?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33663","GHSA-m63j-689w-3j35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-camv-m2tf-qkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212674?format=json","vulnerability_id":"VCID-cyxm-4jde-myc1","summary":"n8n has a Guardrail Node Bypass","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0"},{"reference_url":"https://github.com/advisories/GHSA-fvfv-ppw4-7h2w","reference_id":"GHSA-fvfv-ppw4-7h2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvfv-ppw4-7h2w"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w","reference_id":"GHSA-fvfv-ppw4-7h2w","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39883?format=json","purl":"pkg:npm/n8n@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-6xm5-7kq2-xqdm"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-95f5-4xkw-yuae"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-dm6y-ymh9-u3cm"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-g3sy-n7qb-kqat"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-p2w8-9t9n-7baw"},{"vulnerability":"VCID-qrf6-n324-ybbj"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-ra9y-br8w-k7au"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-ubn7-w3vz-hqgb"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.0"}],"aliases":["GHSA-fvfv-ppw4-7h2w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyxm-4jde-myc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80280?format=json","vulnerability_id":"VCID-dm6y-ymh9-u3cm","summary":"n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27577","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38836","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27577"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6","reference_id":"1479aab2d32fe0ee087f82b9038b1035c98be2f6","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6"},{"reference_url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e","reference_id":"9e5212ecbc5d2d4e6f340b636a5e84be6369882e","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27577","reference_id":"CVE-2026-27577","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27577"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp","reference_id":"GHSA-v98v-ff95-f3cp","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp"},{"reference_url":"https://github.com/advisories/GHSA-vpcf-gvg4-6qwr","reference_id":"GHSA-vpcf-gvg4-6qwr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpcf-gvg4-6qwr"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr","reference_id":"GHSA-vpcf-gvg4-6qwr","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr"},{"reference_url":"https://docs.n8n.io/hosting/securing/overview","reference_id":"overview","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://docs.n8n.io/hosting/securing/overview"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27577","GHSA-vpcf-gvg4-6qwr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm6y-ymh9-u3cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78072?format=json","vulnerability_id":"VCID-f8r2-7ab1-w3d8","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Disposition` or `Content-Security-Policy` headers, allowing the HTML to render in the browser with full same-origin JavaScript access. By sending the resulting URL to a higher-privileged user, an attacker could execute JavaScript in the victim's authenticated session, enabling exfiltration of workflows and credentials, modification of workflows, or privilege escalation to admin. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or restrict network access to the n8n instance to prevent untrusted users from accessing binary data URLs. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33749","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15914","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33749"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33749","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33749"},{"reference_url":"https://github.com/advisories/GHSA-qfc3-hm4j-7q77","reference_id":"GHSA-qfc3-hm4j-7q77","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qfc3-hm4j-7q77"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77","reference_id":"GHSA-qfc3-hm4j-7q77","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:07:00Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374760?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374759?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33749","GHSA-qfc3-hm4j-7q77"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8r2-7ab1-w3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80123?format=json","vulnerability_id":"VCID-g3sy-n7qb-kqat","summary":"n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host. The vulnerability requires a specific workflow configuration to be exploitable. First, a form node with a field interpolating a value provided by an unauthenticated user, e.g. a form submitted value. Second, the field value must begin with an `=` character, which caused n8n to treat it as an expression and triggered a double-evaluation of the field content. There is no practical reason for a workflow designer to prefix a field with `=` intentionally — the character is not rendered in the output, so the result would not match the designer's expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance. Even when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Review usage of form nodes manually for above mentioned preconditions, disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable, and/or disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27493","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50406","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27493"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/issues/19","reference_id":"19","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/issues/19"},{"reference_url":"https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b","reference_id":"562d867483e871b0f1e31776252e23bd721df75b","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27493","reference_id":"CVE-2026-27493","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27493"},{"reference_url":"https://github.com/advisories/GHSA-75g8-rv7v-32f7","reference_id":"GHSA-75g8-rv7v-32f7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75g8-rv7v-32f7"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7","reference_id":"GHSA-75g8-rv7v-32f7","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"n8n@1.123.22","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"n8n@2.10.1","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"n8n@2.9.3","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27493","GHSA-75g8-rv7v-32f7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3sy-n7qb-kqat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70447?format=json","vulnerability_id":"VCID-krxn-r6bc-cffu","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42236","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37306","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42236"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42236"},{"reference_url":"https://github.com/advisories/GHSA-49m9-pgww-9vq6","reference_id":"GHSA-49m9-pgww-9vq6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-49m9-pgww-9vq6"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6","reference_id":"GHSA-49m9-pgww-9vq6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:59:10Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42236","GHSA-49m9-pgww-9vq6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krxn-r6bc-cffu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70296?format=json","vulnerability_id":"VCID-nhbw-hcq1-b3em","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing project membership checks, bypassing the authorization-aware service layer used by the internal enterprise controller. If variables were misused to store sensitive information such as credentials or tokens, they should be rotated immediately. This issue only affects licensed enterprise or team deployments with multiple projects and the variables feature enabled. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42227","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11812","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42227"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42227","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42227"},{"reference_url":"https://github.com/advisories/GHSA-756q-gq9h-fp22","reference_id":"GHSA-756q-gq9h-fp22","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-756q-gq9h-fp22"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22","reference_id":"GHSA-756q-gq9h-fp22","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:26Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42227","GHSA-756q-gq9h-fp22"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbw-hcq1-b3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70393?format=json","vulnerability_id":"VCID-nva1-tjfr-ckb5","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42228","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25477","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42228"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42228","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42228"},{"reference_url":"https://github.com/advisories/GHSA-f77h-j2v7-g6mw","reference_id":"GHSA-f77h-j2v7-g6mw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f77h-j2v7-g6mw"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw","reference_id":"GHSA-f77h-j2v7-g6mw","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T13:47:46Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42228","GHSA-f77h-j2v7-g6mw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nva1-tjfr-ckb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79889?format=json","vulnerability_id":"VCID-p2w8-9t9n-7baw","summary":"n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27495","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27879","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27495"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27495","reference_id":"CVE-2026-27495","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27495"},{"reference_url":"https://github.com/advisories/GHSA-jjpj-p2wh-qf23","reference_id":"GHSA-jjpj-p2wh-qf23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjpj-p2wh-qf23"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23","reference_id":"GHSA-jjpj-p2wh-qf23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"n8n@1.123.22","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"n8n@2.10.1","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"n8n@2.9.3","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"},{"reference_url":"https://docs.n8n.io/hosting/configuration/task-runners","reference_id":"task-runners","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://docs.n8n.io/hosting/configuration/task-runners"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27495","GHSA-jjpj-p2wh-qf23"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2w8-9t9n-7baw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79999?format=json","vulnerability_id":"VCID-qrf6-n324-ybbj","summary":"n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27497","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22844","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27497"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27497","reference_id":"CVE-2026-27497","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27497"},{"reference_url":"https://github.com/advisories/GHSA-wxx7-mcgf-j869","reference_id":"GHSA-wxx7-mcgf-j869","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxx7-mcgf-j869"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869","reference_id":"GHSA-wxx7-mcgf-j869","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"n8n@1.123.22","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"n8n@2.10.1","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"n8n@2.9.3","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27497","GHSA-wxx7-mcgf-j869"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrf6-n324-ybbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360046?format=json","vulnerability_id":"VCID-r89t-ywcr-kbev","summary":"n8n has a Stored XSS Vulnerability in its Form Trigger\n## Impact\nAn authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission hijacking and phishing. The existing Content Security Policy prevents direct n8n session cookie theft but does not prevent script execution or form action manipulation.\n\n## Patches\nThe issue has been fixed in n8n versions 2.12.0, 2.11.2, and 1.123.25. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g"},{"reference_url":"https://github.com/advisories/GHSA-q4fm-pjq6-m63g","reference_id":"GHSA-q4fm-pjq6-m63g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q4fm-pjq6-m63g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374745?format=json","purl":"pkg:npm/n8n@2.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.11.2"}],"aliases":["GHSA-q4fm-pjq6-m63g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r89t-ywcr-kbev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80281?format=json","vulnerability_id":"VCID-ra9y-br8w-k7au","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens — resulting in information disclosure of sensitive in-process data. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. In external runner mode, the impact is limited to data within the external runner process. The issue has been fixed in n8n versions 1.123.22, 2.10.1 , and 2.9.3. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to isolate the runner process. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27496","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12722","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27496"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27496","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27496"},{"reference_url":"https://docs.n8n.io/hosting/securing/blocking-nodes","reference_id":"blocking-nodes","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/"}],"url":"https://docs.n8n.io/hosting/securing/blocking-nodes"},{"reference_url":"https://github.com/advisories/GHSA-xvh5-5qg4-x9qp","reference_id":"GHSA-xvh5-5qg4-x9qp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xvh5-5qg4-x9qp"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp","reference_id":"GHSA-xvh5-5qg4-x9qp","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp"},{"reference_url":"https://docs.n8n.io/hosting/configuration/task-runners","reference_id":"task-runners","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/"}],"url":"https://docs.n8n.io/hosting/configuration/task-runners"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27496","GHSA-xvh5-5qg4-x9qp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ra9y-br8w-k7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70284?format=json","vulnerability_id":"VCID-rq3f-24px-ykfk","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, the handleDeny handler redirects the user to the registered redirect_uri without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks \"Deny\" on the consent page, they are silently redirected to an external site. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42230","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17771","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42230"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42230","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42230"},{"reference_url":"https://github.com/advisories/GHSA-f6x8-65q6-j9m9","reference_id":"GHSA-f6x8-65q6-j9m9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f6x8-65q6-j9m9"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9","reference_id":"GHSA-f6x8-65q6-j9m9","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:55:49Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42230","GHSA-f6x8-65q6-j9m9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rq3f-24px-ykfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70188?format=json","vulnerability_id":"VCID-su1t-s9q1-h7am","summary":"n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42229","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19896","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42229"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42229","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42229"},{"reference_url":"https://github.com/advisories/GHSA-mp4j-h6gh-f6mp","reference_id":"GHSA-mp4j-h6gh-f6mp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mp4j-h6gh-f6mp"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp","reference_id":"GHSA-mp4j-h6gh-f6mp","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T15:00:08Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373288?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v4ft-nvxq-cyhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373287?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42229","GHSA-mp4j-h6gh-f6mp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su1t-s9q1-h7am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360180?format=json","vulnerability_id":"VCID-ty34-7aqe-27gv","summary":"n8n has XSS in Chat Trigger Node through Custom CSS\n## Impact\nAn authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the `sanitize-html` library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Chat Trigger node by adding `@n8n/n8n-nodes-langchain.chatTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279"},{"reference_url":"https://github.com/advisories/GHSA-3c7f-5hgj-h279","reference_id":"GHSA-3c7f-5hgj-h279","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3c7f-5hgj-h279"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374760?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374759?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["GHSA-3c7f-5hgj-h279"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty34-7aqe-27gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79873?format=json","vulnerability_id":"VCID-ubn7-w3vz-hqgb","summary":"n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only., and/or disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27494","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25578","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27494"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27494","reference_id":"CVE-2026-27494","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27494"},{"reference_url":"https://github.com/advisories/GHSA-mmgg-m5j7-f83h","reference_id":"GHSA-mmgg-m5j7-f83h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmgg-m5j7-f83h"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h","reference_id":"GHSA-mmgg-m5j7-f83h","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"n8n@1.123.22","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"n8n@2.10.1","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"n8n@2.9.3","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39885?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-cyxm-4jde-myc1"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/39884?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-18zg-q45k-d3f3"},{"vulnerability":"VCID-2kxv-vwc7-3ubf"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-6pzv-3t6r-akeq"},{"vulnerability":"VCID-78yr-xz2p-rkff"},{"vulnerability":"VCID-camv-m2tf-qkac"},{"vulnerability":"VCID-f8r2-7ab1-w3d8"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-r89t-ywcr-kbev"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"},{"vulnerability":"VCID-ty34-7aqe-27gv"},{"vulnerability":"VCID-umut-3bp5-y3eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27494","GHSA-mmgg-m5j7-f83h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubn7-w3vz-hqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78017?format=json","vulnerability_id":"VCID-umut-3bp5-y3eq","summary":"n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement execution is possible, enabling data modification and deletion. The issue has been fixed in n8n versions 1.123.26, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the Data Table node by adding `n8n-nodes-base.dataTable` to the `NODES_EXCLUDE` environment variable, and/or review existing workflows for Data Table Get nodes where `orderByColumn` is set to an expression that incorporates external or user-supplied input. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33713","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06746","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33713"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33713","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33713"},{"reference_url":"https://github.com/advisories/GHSA-98c2-4cr3-4jc3","reference_id":"GHSA-98c2-4cr3-4jc3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-98c2-4cr3-4jc3"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3","reference_id":"GHSA-98c2-4cr3-4jc3","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T17:58:32Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374760?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374759?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17dc-5ubt-g3e1"},{"vulnerability":"VCID-456j-q8xt-57e3"},{"vulnerability":"VCID-krxn-r6bc-cffu"},{"vulnerability":"VCID-nhbw-hcq1-b3em"},{"vulnerability":"VCID-nva1-tjfr-ckb5"},{"vulnerability":"VCID-rq3f-24px-ykfk"},{"vulnerability":"VCID-su1t-s9q1-h7am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33713","GHSA-98c2-4cr3-4jc3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umut-3bp5-y3eq"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.8.4"}