n8n — Vulnerabilities & Security Advisories 46

All 46 CVE vulnerabilities found in n8n, with AI-generated Chinese analysis, references, and POCs.

Vendor: n8n-io

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-21894 | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks | CWE-290 | 6.5 | Medium | 2026-01-08 |
| CVE-2026-21877 | n8n is vulnerable to Remote Code Execution via Arbitrary File Write | CWE-94 | 10.0 | Critical | 2026-01-08 |
| CVE-2026-21858 | n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling | CWE-20 | 10.0 | Critical | 2026-01-07 |
| CVE-2025-68697 | Self-hosted n8n has Legacy Code node that enables arbitrary file read/write | CWE-269 | 7.1 | High | 2025-12-26 |
| CVE-2025-68668 | n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node | CWE-693 | 9.9 | Critical | 2025-12-26 |
| CVE-2025-61914 | n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox | CWE-79 | 7.3 | High | 2025-12-26 |
| CVE-2025-68613 | n8n Vulnerable to Remote Code Execution via Expression Injection | CWE-913 | 10.0 | Critical | 2025-12-19 |
| CVE-2025-65964 | n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook | CWE-829 | 9.8 (AI) | Critical (AI) | 2025-12-08 |
| CVE-2025-62726 | n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook | CWE-829 | 8.8 | High | 2025-10-30 |
| CVE-2025-58177 | n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter | CWE-79 | 5.4 | Medium | 2025-09-15 |
| CVE-2025-57749 | n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files | CWE-59 | 6.5 | Medium | 2025-08-20 |
| CVE-2025-52478 | Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source | CWE-79 | 8.7 | High | 2025-08-19 |
| CVE-2025-52554 | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows | CWE-862 | 5.4 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-49595 | n8n Vulnerable to Denial of Service via Malformed Binary Data Requests | CWE-400 | 4.9 | Medium | 2025-07-03 |
| CVE-2025-49592 | n8n Login Flow has Open Redirect Vulnerability | CWE-601 | 4.6 | Medium | 2025-06-26 |
| CVE-2025-46343 | n8n Vulnerable to Stored XSS through Attachments View Endpoint | CWE-79 | 5.0 | Medium | 2025-04-29 |

All 46 known CVE vulnerabilities affecting n8n with full Chinese analysis, references, and POCs where available.