n8n — Vulnerabilities & Security Advisories 46

All 46 CVE vulnerabilities found in n8n, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-33751	n8n Vulnerable to LDAP Filter Injection in LDAP Node CWE-90	8.2	-	2026-03-25
CVE-2026-33749	n8n Vulnerable to XSS via Binary Data Inline HTML Rendering CWE-79	4.6	-	2026-03-25
CVE-2026-33724	n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no CWE-639	6.5	-	2026-03-25
CVE-2026-33722	n8n Has External Secrets Authorization Bypass in Credential Saving CWE-863	5.3	-	2026-03-25
CVE-2026-33720	n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK CWE-863	5.4	-	2026-03-25
CVE-2026-33713	n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression CWE-89	8.8	-	2026-03-25
CVE-2026-33696	n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE CWE-1321	8.8	-	2026-03-25
CVE-2026-33665	n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover CWE-287	8.5	-	2026-03-25
CVE-2026-33663	n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition CWE-639	6.5	-	2026-03-25
CVE-2026-33660	n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode CWE-94	8.8	-	2026-03-25
CVE-2026-27496	n8n has In-Process Memory Disclosure in its Task Runner CWE-908	6.5	-	2026-03-25
CVE-2026-27498	n8n has Arbitrary Command Execution via File Write and Git Operations CWE-94	8.8^AI	High^AI	2026-02-25
CVE-2026-27578	n8n Vulnerable to Stored XSS via Various Nodes CWE-80	5.4^AI	Medium^AI	2026-02-25
CVE-2026-27577	n8n: Expression Sandbox Escape Leads to RCE CWE-94	9.9^AI	Critical^AI	2026-02-25
CVE-2026-27497	n8n has Potential Remote Code Execution via Merge Node CWE-94	8.8^AI	High^AI	2026-02-25
CVE-2026-27495	n8n has a Sandbox Escape in its JavaScript Task Runner CWE-94	8.5^AI	High^AI	2026-02-25
CVE-2026-27494	n8n has Arbitrary File Read via Python Code Node Sandbox Escape CWE-497	9.9^AI	Critical^AI	2026-02-25
CVE-2026-27493	n8n has Unauthenticated Expression Evaluation via Form Node CWE-94	9.8^AI	Critical^AI	2026-02-25
CVE-2026-25631	Domain allowlist bypass enables credential exfiltration CWE-20	6.5^AI	Medium^AI	2026-02-06
CVE-2026-21893	n8n Vulnerable to Command Injection in Community Package Installation CWE-78	7.2^AI	High^AI	2026-02-04
CVE-2026-25115	n8n is vulnerable to Python sandbox escape CWE-693	9.9^AI	Critical^AI	2026-02-04
CVE-2026-25056	n8n Arbitrary File Write leading to RCE in n8n Merge Node CWE-434	8.8^AI	High^AI	2026-02-04
CVE-2026-25055	n8n Arbitrary File Write on Remote Systems via SSH Node CWE-22	10.0^AI	Critical^AI	2026-02-04
CVE-2026-25054	n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI CWE-80	5.4^AI	Medium^AI	2026-02-04
CVE-2026-25053	n8n is Vulnerable to OS Command Injection in Git Node CWE-78	8.8^AI	High^AI	2026-02-04
CVE-2026-25052	n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users CWE-367	8.8^AI	High^AI	2026-02-04
CVE-2026-25051	n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS CWE-79	5.4^AI	Medium^AI	2026-02-04
CVE-2025-61917	n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner CWE-668	7.7	High	2026-02-04
CVE-2026-25049	n8n Has an Expression Escape Vulnerability Leading to RCE CWE-913	9.9^AI	Critical^AI	2026-02-04
CVE-2025-68949	n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching CWE-134	5.3	Medium	2026-01-13

All 46 known CVE vulnerabilities affecting n8n with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

n8n — Vulnerabilities & Security Advisories 46