浏览 47+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39974 | n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode | czlonkowski | n8n-mcp | High | 8.5 | 2026-04-09 16:45:20 | Deep Dive |
| CVE-2026-33751 | n8n Vulnerable to LDAP Filter Injection in LDAP Node | n8n-io | n8n | 中危 | - | 2026-03-25 18:47:39 | Deep Dive |
| CVE-2026-33749 | n8n Vulnerable to XSS via Binary Data Inline HTML Rendering | n8n-io | n8n | 高危 | - | 2026-03-25 18:39:55 | Deep Dive |
| CVE-2026-33724 | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no | n8n-io | n8n | 中危 | - | 2026-03-25 18:26:54 | Deep Dive |
| CVE-2026-33722 | n8n Has External Secrets Authorization Bypass in Credential Saving | n8n-io | n8n | 中危 | - | 2026-03-25 18:09:37 | Deep Dive |
| CVE-2026-33720 | n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK | n8n-io | n8n | 中危 | - | 2026-03-25 18:06:39 | Deep Dive |
| CVE-2026-33713 | n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression | n8n-io | n8n | 超危 | - | 2026-03-25 17:47:44 | Deep Dive |
| CVE-2026-33696 | n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE | n8n-io | n8n | 超危 | - | 2026-03-25 17:40:39 | Deep Dive |
| CVE-2026-33665 | n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover | n8n-io | n8n | 高危 | - | 2026-03-25 17:32:21 | Deep Dive |
| CVE-2026-33663 | n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition | n8n-io | n8n | 超危 | - | 2026-03-25 17:11:10 | Deep Dive |
| CVE-2026-33660 | n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode | n8n-io | n8n | 超危 | - | 2026-03-25 17:09:10 | Deep Dive |
| CVE-2026-27496 | n8n has In-Process Memory Disclosure in its Task Runner | n8n-io | n8n | 中危 | - | 2026-03-25 17:07:06 | Deep Dive |
| CVE-2026-27498 | n8n has Arbitrary Command Execution via File Write and Git Operations | n8n-io | n8n | - | - | 2026-02-25 22:42:22 | Deep Dive |
| CVE-2026-27578 | n8n Vulnerable to Stored XSS via Various Nodes | n8n-io | n8n | - | - | 2026-02-25 22:40:39 | Deep Dive |
| CVE-2026-27577 | n8n: Expression Sandbox Escape Leads to RCE | n8n-io | n8n | - | - | 2026-02-25 22:19:45 | Deep Dive |
| CVE-2026-27497 | n8n has Potential Remote Code Execution via Merge Node | n8n-io | n8n | - | - | 2026-02-25 22:16:08 | Deep Dive |
| CVE-2026-27495 | n8n has a Sandbox Escape in its JavaScript Task Runner | n8n-io | n8n | - | - | 2026-02-25 22:10:04 | Deep Dive |
| CVE-2026-27494 | n8n has Arbitrary File Read via Python Code Node Sandbox Escape | n8n-io | n8n | - | - | 2026-02-25 22:08:01 | Deep Dive |
| CVE-2026-27493 | n8n has Unauthenticated Expression Evaluation via Form Node | n8n-io | n8n | - | - | 2026-02-25 22:05:01 | Deep Dive |
| CVE-2026-25631 | Domain allowlist bypass enables credential exfiltration | n8n-io | n8n | - | - | 2026-02-06 20:34:54 | Deep Dive |