{"url":"http://public2.vulnerablecode.io/api/packages/969079?format=json","purl":"pkg:npm/n8n@2.9.1","type":"npm","namespace":"","name":"n8n","version":"2.9.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.17.5","latest_non_vulnerable_version":"2.22.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91018?format=json","vulnerability_id":"VCID-1n3j-672w-p3f9","summary":"n8n has SQL Injection in Data Table Node via orderByColumn Expression\n## Impact\nAn authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement execution is possible, enabling data modification and deletion.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.26, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Data Table node by adding `n8n-nodes-base.dataTable` to the `NODES_EXCLUDE` environment variable.\n- Review existing workflows for Data Table Get nodes where `orderByColumn` is set to an expression that incorporates external or user-supplied input.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33713","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0671","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06753","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06764","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06712","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06761","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33713"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T17:58:32Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-98c2-4cr3-4jc3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33713","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33713"},{"reference_url":"https://github.com/advisories/GHSA-98c2-4cr3-4jc3","reference_id":"GHSA-98c2-4cr3-4jc3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98c2-4cr3-4jc3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113026?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/113025?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33713","GHSA-98c2-4cr3-4jc3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1n3j-672w-p3f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91658?format=json","vulnerability_id":"VCID-38wy-4z9b-gfeh","summary":"n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition\n## Impact\nAn authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) belonging to other users on the same instance.\n\nThe attack abuses a name-based credential resolution path that does not enforce ownership or project scope, combined with a bypass in the credentials permission checker that causes generic HTTP credential types to be skipped during pre-execution validation. Together, these flaws allow a member-role user to resolve another user's credential ID and execute a workflow that decrypts and uses that credential without authorization.\n\nNative integration credential types (e.g. `slackApi`, `openAiApi`, `postgres`) are not affected by this issue.\n\nThis vulnerability affects Community Edition only. Enterprise Edition has additional permission gates on workflow creation and execution that independently block this attack chain.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict instance access to fully trusted users only.\n- Audit credentials stored on the instance and rotate any generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) that may have been exposed.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33663","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06387","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06433","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06442","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06394","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06451","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33663"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:51:35Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33663","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33663"},{"reference_url":"https://github.com/advisories/GHSA-m63j-689w-3j35","reference_id":"GHSA-m63j-689w-3j35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m63j-689w-3j35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113026?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/113025?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33663","GHSA-m63j-689w-3j35"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38wy-4z9b-gfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50394?format=json","vulnerability_id":"VCID-3bk2-zvud-c7et","summary":"n8n has Unauthenticated Expression Evaluation via Form Node\nA second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host.\n\nThe vulnerability requires a specific workflow configuration to be exploitable:\n1. A form node with a field interpolating a value provided by an unauthenticated user, e.g. a form submitted value.\n2. The field value must begin with an `=` character, which caused n8n to treat it as an expression and triggered a double-evaluation of the field content.\nFor example, a workflow uses a multi-step Form where a downstream Form node renders user-provided input back in an HTML field and precedes it with an `=` sign:\n`=<h2>Thank you, {{ $input.first().json[\\\"Name\\\"] }}!</h2>`\n\nThere is no practical reason for a workflow designer to prefix a field with `=` intentionally — the character is not rendered in the output, so the result would not match the designer's expectations. If added accidentally, it would be noticeable and very unlikely to persist. An unauthenticated attacker would need to either know about this specific circumstance on a target instance or discover a matching form by chance.\n\nEven when the preconditions are met, the expression injection alone is limited to data accessible within the n8n expression context. Escalation to remote code execution requires chaining with a separate sandbox escape vulnerability.\n\nDue to these real-world constraints — the unlikely workflow configuration, the need for an additional sandbox escape, and the difficulty of discovery — we have assessed the severity as High rather than Critical, diverging from the base CVSS score to better reflect actual exploitability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27493","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50337","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50318","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50347","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50366","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50358","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27493"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/commit/562d867483e871b0f1e31776252e23bd721df75b"},{"reference_url":"https://github.com/n8n-io/n8n/issues/19","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/issues/19"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27493","reference_id":"CVE-2026-27493","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27493"},{"reference_url":"https://github.com/advisories/GHSA-75g8-rv7v-32f7","reference_id":"GHSA-75g8-rv7v-32f7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-75g8-rv7v-32f7"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7","reference_id":"GHSA-75g8-rv7v-32f7","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:27:11Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27493","GHSA-75g8-rv7v-32f7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3bk2-zvud-c7et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88997?format=json","vulnerability_id":"VCID-4axp-5smx-g7bc","summary":"n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration\n## Impact\nThe MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. The MCP enable/disable toggle gates MCP access but did not restrict client registrations, meaning the endpoint is reachable regardless of whether MCP access is enabled on the instance.\n\nThe patches address the unbound registration with an upper bound of registered clients and disabling creation when MCP is disabled on the instance. Mean to restrict the payload size of requests already exist and can be used to control additional risks.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict network access to the n8n instance to prevent requests from untrusted sources.\n- Reduce the maximum accepted payload size by lowering the `N8N_PAYLOAD_SIZE_MAX` environment variable from its default value.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42236","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37315","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37244","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37282","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37309","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42236"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:59:10Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-49m9-pgww-9vq6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42236","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42236"},{"reference_url":"https://github.com/advisories/GHSA-49m9-pgww-9vq6","reference_id":"GHSA-49m9-pgww-9vq6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49m9-pgww-9vq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109892?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nf1f-y3be-pyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109890?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42236","GHSA-49m9-pgww-9vq6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4axp-5smx-g7bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91068?format=json","vulnerability_id":"VCID-74fh-jbha-m7d7","summary":"n8n Vulnerable to LDAP Filter Injection in LDAP Node\n## Impact\nA flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow.\n\nExploitation requires a specific workflow configuration:\n- The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook).\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into LDAP node search parameters via expressions.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33751","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05214","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05254","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0526","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05259","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05276","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33751"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:10:55Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33751","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33751"},{"reference_url":"https://github.com/advisories/GHSA-w83q-mcmx-mh42","reference_id":"GHSA-w83q-mcmx-mh42","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w83q-mcmx-mh42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113026?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/113025?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33751","GHSA-w83q-mcmx-mh42"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74fh-jbha-m7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91717?format=json","vulnerability_id":"VCID-ardd-vu45-uba8","summary":"n8n has XSS in Chat Trigger Node through Custom CSS\n## Impact\nAn authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the `sanitize-html` library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Chat Trigger node by adding `@n8n/n8n-nodes-langchain.chatTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279"},{"reference_url":"https://github.com/advisories/GHSA-3c7f-5hgj-h279","reference_id":"GHSA-3c7f-5hgj-h279","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3c7f-5hgj-h279"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113026?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/113025?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["GHSA-3c7f-5hgj-h279"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ardd-vu45-uba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50375?format=json","vulnerability_id":"VCID-axyq-35hd-skhq","summary":"n8n: Expression Sandbox Escape Leads to RCE\nAdditional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp).\nAn authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27577","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38803","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38827","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38831","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38786","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38775","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27577"},{"reference_url":"https://docs.n8n.io/hosting/securing/overview","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://docs.n8n.io/hosting/securing/overview"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6"},{"reference_url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27577","reference_id":"CVE-2026-27577","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27577"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp","reference_id":"GHSA-v98v-ff95-f3cp","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp"},{"reference_url":"https://github.com/advisories/GHSA-vpcf-gvg4-6qwr","reference_id":"GHSA-vpcf-gvg4-6qwr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vpcf-gvg4-6qwr"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr","reference_id":"GHSA-vpcf-gvg4-6qwr","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:14:18Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27577","GHSA-vpcf-gvg4-6qwr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axyq-35hd-skhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90145?format=json","vulnerability_id":"VCID-bbmg-r6ze-dugs","summary":"n8n has SQL Injection in Snowflake and MySQL Nodes\n## Impact\nThe fix for [GHSA-f3f2-mcxc-pwjx](https://github.com/advisories/GHSA-f3f2-mcxc-pwjx) did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against the connected database.\n\nExploitation requires a specific workflow configuration:\n- The Snowflake or MySQL v1 node must be used with user-controlled input passed via expressions (e.g., from a form or webhook) into identifier fields such as table name, column name, or update key.\n\nSuccessful exploitation could allow data exfiltration, modification, or deletion on the downstream database.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Migrate workflows from the legacy MySQL v1 node to the MySQL v2 node, which already implements identifier escaping.\n- Disable the Snowflake node by adding `n8n-nodes-base.snowflake` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into table name, column name, or update key fields via expressions in the affected nodes.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42237","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11439","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11319","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11399","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11436","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11335","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42237"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T20:17:33Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-hp3c-vfpm-q4f7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42237","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42237"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx","reference_id":"GHSA-f3f2-mcxc-pwjx","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx"},{"reference_url":"https://github.com/advisories/GHSA-hp3c-vfpm-q4f7","reference_id":"GHSA-hp3c-vfpm-q4f7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hp3c-vfpm-q4f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109892?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nf1f-y3be-pyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109890?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42237","GHSA-hp3c-vfpm-q4f7"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbmg-r6ze-dugs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91816?format=json","vulnerability_id":"VCID-bf5s-ucsz-rbgp","summary":"n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode\n## Impact\nAn authenticated user with permission to create or modify workflows could use the Merge node's \"Combine by SQL\" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the intance.\n\n## Patches\nThe issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33660","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2373","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2363","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23684","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23745","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23637","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33660"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-28T01:26:07Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-58qr-rcgv-642v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33660","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33660"},{"reference_url":"https://github.com/advisories/GHSA-58qr-rcgv-642v","reference_id":"GHSA-58qr-rcgv-642v","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58qr-rcgv-642v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113026?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/113025?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33660","GHSA-58qr-rcgv-642v"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bf5s-ucsz-rbgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50364?format=json","vulnerability_id":"VCID-dd53-wba6-f3c6","summary":"n8n has Potential Remote Code Execution via Merge Node\nAn authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27497","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22914","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22804","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22855","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22899","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22807","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27497"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27497","reference_id":"CVE-2026-27497","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27497"},{"reference_url":"https://github.com/advisories/GHSA-wxx7-mcgf-j869","reference_id":"GHSA-wxx7-mcgf-j869","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wxx7-mcgf-j869"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869","reference_id":"GHSA-wxx7-mcgf-j869","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T19:35:17Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27497","GHSA-wxx7-mcgf-j869"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dd53-wba6-f3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89368?format=json","vulnerability_id":"VCID-fwxr-8gw5-9fgx","summary":"n8n has Open Redirect in MCP OAuth Consent Flow\n## Impact\nThe `/mcp-oauth/register` endpoint accepted OAuth client registrations without authentication, allowing arbitrary `redirect_uri` values to be registered. When a user denies the MCP OAuth consent dialog, the `handleDeny` handler redirects the user to the registered `redirect_uri` without validation, enabling an open redirect to an attacker-controlled URL. An attacker can craft a phishing link and send it to a victim; if the victim clicks \"Deny\" on the consent page, they are silently redirected to an external site.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict network access to the n8n instance to prevent untrusted users from reaching the MCP OAuth endpoints.\n- Limit access to the n8n instance to fully trusted users only.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42230","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17776","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17685","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17668","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17742","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17781","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42230"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T19:55:49Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f6x8-65q6-j9m9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42230","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42230"},{"reference_url":"https://github.com/advisories/GHSA-f6x8-65q6-j9m9","reference_id":"GHSA-f6x8-65q6-j9m9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6x8-65q6-j9m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109892?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nf1f-y3be-pyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109890?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42230","GHSA-f6x8-65q6-j9m9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwxr-8gw5-9fgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91129?format=json","vulnerability_id":"VCID-fz16-2act-hqg7","summary":"n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE\n## Impact\nAn authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the GSuiteAdmin node. By supplying a crafted parameter as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance.\n\n## Patches\nThe issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33696","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43512","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43455","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43488","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43501","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43463","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33696"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T20:08:10Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33696","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33696"},{"reference_url":"https://github.com/advisories/GHSA-mxrg-77hm-89hv","reference_id":"GHSA-mxrg-77hm-89hv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxrg-77hm-89hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113026?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/113025?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33696","GHSA-mxrg-77hm-89hv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz16-2act-hqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89899?format=json","vulnerability_id":"VCID-gbpq-vzwt-ykep","summary":"n8n has SQL Injection in Oracle Database Node via Limit Field\n## Impact\nA flaw in the Oracle Database node's select operation allowed user-controlled input passed into the `Limit` field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input is passed into the `Limit` field (e.g., from a webhook), an attacker could inject arbitrary SQL and exfiltrate data from the connected Oracle database.\n\nExploitation requires a specific workflow configuration:\n- The Oracle Database node must be used with user-controlled input passed via expressions into the `Limit` field.\n- Authentication requirements depend on the workflow's configuration (e.g., an unauthenticated webhook endpoint would allow unauthenticated exploitation).\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Oracle Database node by adding `n8n-nodes-base.oracleDatabase` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into the Oracle Database node's `Limit` field via expressions.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42233","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19865","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1982","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19798","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19906","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19913","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42233"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:55Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-r6jc-mpqw-m755"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42233","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42233"},{"reference_url":"https://github.com/advisories/GHSA-r6jc-mpqw-m755","reference_id":"GHSA-r6jc-mpqw-m755","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6jc-mpqw-m755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109892?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nf1f-y3be-pyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109890?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42233","GHSA-r6jc-mpqw-m755"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbpq-vzwt-ykep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89528?format=json","vulnerability_id":"VCID-h7b1-xmu3-wbc1","summary":"n8n Vulnerable to Hijacking of Unauthenticated Chat Execution\n## Impact\nThe `/chat` WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior.\n\nExploitation requires the following conditions:\n- The instance exposes a public Hosted Chat workflow with authentication set to `None`.\n- A target execution is in a waiting state at the time of the attack.\n- The attacker can obtain or discover the execution ID of that waiting execution.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Enable authentication on all Chat Trigger nodes by setting the Authentication field to `n8n User Auth` rather than `None`.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42228","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25491","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25441","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25432","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25536","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25549","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42228"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T13:47:46Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-f77h-j2v7-g6mw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42228","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42228"},{"reference_url":"https://github.com/advisories/GHSA-f77h-j2v7-g6mw","reference_id":"GHSA-f77h-j2v7-g6mw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f77h-j2v7-g6mw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109892?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nf1f-y3be-pyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109890?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42228","GHSA-f77h-j2v7-g6mw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7b1-xmu3-wbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50396?format=json","vulnerability_id":"VCID-j3t9-jkr4-7fbc","summary":"n8n Vulnerable to Stored XSS via Various Nodes\nAn authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes (Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node). Scripts injected by a malicious workflow execute in the browser of any user who visits the affected page, enabling session hijacking and account takeover.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27578","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09863","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09831","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09916","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09943","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09928","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27578"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a"},{"reference_url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6"},{"reference_url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27578","reference_id":"CVE-2026-27578","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27578"},{"reference_url":"https://github.com/advisories/GHSA-2p9h-rqjw-gm92","reference_id":"GHSA-2p9h-rqjw-gm92","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p9h-rqjw-gm92"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92","reference_id":"GHSA-2p9h-rqjw-gm92","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27578","GHSA-2p9h-rqjw-gm92"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j3t9-jkr4-7fbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50392?format=json","vulnerability_id":"VCID-ka79-3enj-fkew","summary":"n8n has Arbitrary File Read via Python Code Node Sandbox Escape\nAn authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE.\n\nOn instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner.\n\n- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27494","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25641","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.2565","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25544","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25535","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25594","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27494"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27494","reference_id":"CVE-2026-27494","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27494"},{"reference_url":"https://github.com/advisories/GHSA-mmgg-m5j7-f83h","reference_id":"GHSA-mmgg-m5j7-f83h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmgg-m5j7-f83h"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h","reference_id":"GHSA-mmgg-m5j7-f83h","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:28:47Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27494","GHSA-mmgg-m5j7-f83h"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"8.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ka79-3enj-fkew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91862?format=json","vulnerability_id":"VCID-m8k1-g6g5-qbfs","summary":"n8n: Authenticated XSS and Open Redirect via Form Node\n## Impact\nAn authenticated user with permission to create or modify workflows could configure a Form Node with an unsanitized HTML description field or exploit an overly permissive iframe sandbox policy to perform stored cross-site scripting or redirect end users visiting the form to an arbitrary external URL. The vulnerability could be used to facilitate phishing attacks.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.24, 2.10.4 and 2.12.0. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable.\n- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-w673-8fjw-457c"},{"reference_url":"https://github.com/advisories/GHSA-w673-8fjw-457c","reference_id":"GHSA-w673-8fjw-457c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w673-8fjw-457c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114356?format=json","purl":"pkg:npm/n8n@2.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/114355?format=json","purl":"pkg:npm/n8n@2.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.12.0"}],"aliases":["GHSA-w673-8fjw-457c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8k1-g6g5-qbfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91244?format=json","vulnerability_id":"VCID-nazv-a4as-fkgk","summary":"n8n Vulnerable to XSS via Binary Data Inline HTML Rendering\n## Impact\nAn authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Disposition` or `Content-Security-Policy` headers, allowing the HTML to render in the browser with full same-origin JavaScript access.\n\nBy sending the resulting URL to a higher-privileged user, an attacker could execute JavaScript in the victim's authenticated session, enabling exfiltration of workflows and credentials, modification of workflows, or privilege escalation to admin.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Restrict network access to the n8n instance to prevent untrusted users from accessing binary data URLs.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33749","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15887","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15823","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15801","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15929","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1594","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33749"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:07:00Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33749","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33749"},{"reference_url":"https://github.com/advisories/GHSA-qfc3-hm4j-7q77","reference_id":"GHSA-qfc3-hm4j-7q77","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qfc3-hm4j-7q77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113026?format=json","purl":"pkg:npm/n8n@2.13.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.13.3"},{"url":"http://public2.vulnerablecode.io/api/packages/113025?format=json","purl":"pkg:npm/n8n@2.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.14.1"}],"aliases":["CVE-2026-33749","GHSA-qfc3-hm4j-7q77"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nazv-a4as-fkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91420?format=json","vulnerability_id":"VCID-rh43-8ugj-ufe3","summary":"n8n has In-Process Memory Disclosure in its Task Runner\n## Impact\nAn authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens — resulting in information disclosure of sensitive in-process data.\n- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.\n- In external runner mode, the impact is limited to data within the external runner process.\n\n## Patches\nThe issue has been fixed in n8n versions >= 1.123.22, >= 2.10.1 , and >= 2.9.3. Users should upgrade to this version or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Use external runner mode (`N8N_RUNNERS_MODE=external`) to isolate the runner process.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27496","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12637","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12607","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12688","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12728","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12725","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27496"},{"reference_url":"https://docs.n8n.io/hosting/configuration/task-runners","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/"}],"url":"https://docs.n8n.io/hosting/configuration/task-runners"},{"reference_url":"https://docs.n8n.io/hosting/securing/blocking-nodes","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/"}],"url":"https://docs.n8n.io/hosting/securing/blocking-nodes"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:08:59Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27496","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27496"},{"reference_url":"https://github.com/advisories/GHSA-xvh5-5qg4-x9qp","reference_id":"GHSA-xvh5-5qg4-x9qp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvh5-5qg4-x9qp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27496","GHSA-xvh5-5qg4-x9qp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rh43-8ugj-ufe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50425?format=json","vulnerability_id":"VCID-srsg-ge6y-2ybu","summary":"n8n has an Authentication Bypass in its Chat Trigger Node\nWhen the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented.\n- This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default).","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/062644ef786b6af480afe4a0f12bc6d70040534a"},{"reference_url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/1479aab2d32fe0ee087f82b9038b1035c98be2f6"},{"reference_url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/9e5212ecbc5d2d4e6f340b636a5e84be6369882e"},{"reference_url":"https://github.com/advisories/GHSA-jh8h-6c9q-7gmw","reference_id":"GHSA-jh8h-6c9q-7gmw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh8h-6c9q-7gmw"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw","reference_id":"GHSA-jh8h-6c9q-7gmw","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["GHSA-jh8h-6c9q-7gmw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srsg-ge6y-2ybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50352?format=json","vulnerability_id":"VCID-tfcu-w2ek-wkf9","summary":"n8n has a Sandbox Escape in its JavaScript Task Runner\nAn authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary.\n\nOn instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner.\n- Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27495","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27977","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27854","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27847","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27891","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27927","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27495"},{"reference_url":"https://docs.n8n.io/hosting/configuration/task-runners","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://docs.n8n.io/hosting/configuration/task-runners"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.22"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.1"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.9.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27495","reference_id":"CVE-2026-27495","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27495"},{"reference_url":"https://github.com/advisories/GHSA-jjpj-p2wh-qf23","reference_id":"GHSA-jjpj-p2wh-qf23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjpj-p2wh-qf23"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23","reference_id":"GHSA-jjpj-p2wh-qf23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:28:01Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74244?format=json","purl":"pkg:npm/n8n@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-ttr7-jtyj-4ufp"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/74245?format=json","purl":"pkg:npm/n8n@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.1"}],"aliases":["CVE-2026-27495","GHSA-jjpj-p2wh-qf23"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfcu-w2ek-wkf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91005?format=json","vulnerability_id":"VCID-ts5h-by8q-4ybw","summary":"n8n has a Stored XSS Vulnerability in its Form Trigger\n## Impact\nAn authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission hijacking and phishing. The existing Content Security Policy prevents direct n8n session cookie theft but does not prevent script execution or form action manipulation.\n\n## Patches\nThe issue has been fixed in n8n versions 2.12.0, 2.11.2, and 1.123.25. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g"},{"reference_url":"https://github.com/advisories/GHSA-q4fm-pjq6-m63g","reference_id":"GHSA-q4fm-pjq6-m63g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4fm-pjq6-m63g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113006?format=json","purl":"pkg:npm/n8n@2.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.11.2"}],"aliases":["GHSA-q4fm-pjq6-m63g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ts5h-by8q-4ybw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50409?format=json","vulnerability_id":"VCID-ttr7-jtyj-4ufp","summary":"n8n has a Guardrail Node Bypass\nAn end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions.","references":[{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918"},{"reference_url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/releases/tag/n8n@2.10.0"},{"reference_url":"https://github.com/advisories/GHSA-fvfv-ppw4-7h2w","reference_id":"GHSA-fvfv-ppw4-7h2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvfv-ppw4-7h2w"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w","reference_id":"GHSA-fvfv-ppw4-7h2w","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74242?format=json","purl":"pkg:npm/n8n@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1n3j-672w-p3f9"},{"vulnerability":"VCID-38wy-4z9b-gfeh"},{"vulnerability":"VCID-3bk2-zvud-c7et"},{"vulnerability":"VCID-4axp-5smx-g7bc"},{"vulnerability":"VCID-74fh-jbha-m7d7"},{"vulnerability":"VCID-ardd-vu45-uba8"},{"vulnerability":"VCID-axyq-35hd-skhq"},{"vulnerability":"VCID-bbmg-r6ze-dugs"},{"vulnerability":"VCID-bf5s-ucsz-rbgp"},{"vulnerability":"VCID-dd53-wba6-f3c6"},{"vulnerability":"VCID-fwxr-8gw5-9fgx"},{"vulnerability":"VCID-fz16-2act-hqg7"},{"vulnerability":"VCID-gbpq-vzwt-ykep"},{"vulnerability":"VCID-h7b1-xmu3-wbc1"},{"vulnerability":"VCID-j3t9-jkr4-7fbc"},{"vulnerability":"VCID-ka79-3enj-fkew"},{"vulnerability":"VCID-m8k1-g6g5-qbfs"},{"vulnerability":"VCID-nazv-a4as-fkgk"},{"vulnerability":"VCID-rh43-8ugj-ufe3"},{"vulnerability":"VCID-srsg-ge6y-2ybu"},{"vulnerability":"VCID-tfcu-w2ek-wkf9"},{"vulnerability":"VCID-ts5h-by8q-4ybw"},{"vulnerability":"VCID-vn1a-guqa-5fc3"},{"vulnerability":"VCID-w1wa-4kd7-abfm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.10.0"}],"aliases":["GHSA-fvfv-ppw4-7h2w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttr7-jtyj-4ufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89931?format=json","vulnerability_id":"VCID-vn1a-guqa-5fc3","summary":"n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure\n## Impact\nAn authenticated user with a valid API key scoped to `variable:list` could read variables from projects they are not a member of by supplying an arbitrary `projectId` query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing project membership checks, bypassing the authorization-aware service layer used by the internal enterprise controller. \n\nIf variables were misused to store sensitive information such as credentials or tokens, they should be rotated immediately.\n\nThis issue only affects licensed enterprise or team deployments with multiple projects and the variables feature enabled.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n\n- Restrict n8n access and API key issuance to fully trusted users only.\n- Audit existing project variables for sensitive values and rotate any secrets that may have been exposed.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42227","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11846","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11736","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11724","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11806","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1184","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42227"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:08:26Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-756q-gq9h-fp22"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42227","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42227"},{"reference_url":"https://github.com/advisories/GHSA-756q-gq9h-fp22","reference_id":"GHSA-756q-gq9h-fp22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-756q-gq9h-fp22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109892?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nf1f-y3be-pyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109890?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42227","GHSA-756q-gq9h-fp22"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vn1a-guqa-5fc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90288?format=json","vulnerability_id":"VCID-w1wa-4kd7-abfm","summary":"n8n has SQL Injection in SeaTable Node\n## Impact\nA flaw in the SeaTable node's `row:search` and `row:get` operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row retrieval parameters, an attacker could manipulate the constructed query to retrieve unintended rows from the connected SeaTable base, bypassing row-level filtering logic implemented in the workflow.\n\nExploitation requires a specific workflow configuration:\n- The SeaTable node must be used with user-controlled input passed via expressions (e.g., from a form or webhook) into the `searchTerm` or `rowId` parameters.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the SeaTable node by adding `n8n-nodes-base.seaTable` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into SeaTable node search or row retrieval parameters via expressions.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42229","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19913","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1982","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19798","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19865","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19906","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42229"},{"reference_url":"https://github.com/n8n-io/n8n","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/n8n-io/n8n"},{"reference_url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T15:00:08Z/"}],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-mp4j-h6gh-f6mp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42229","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42229"},{"reference_url":"https://github.com/advisories/GHSA-mp4j-h6gh-f6mp","reference_id":"GHSA-mp4j-h6gh-f6mp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mp4j-h6gh-f6mp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109892?format=json","purl":"pkg:npm/n8n@2.17.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nf1f-y3be-pyaq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.17.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109890?format=json","purl":"pkg:npm/n8n@2.18.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.18.1"}],"aliases":["CVE-2026-42229","GHSA-mp4j-h6gh-f6mp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1wa-4kd7-abfm"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/n8n@2.9.1"}