n8n-io — Vulnerabilities & Security Advisories (46)

Browse all 46 CVE security advisories affecting n8n-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by n8n-io: n8n

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33751 | n8n Vulnerable to LDAP Filter Injection in LDAP Node — n8n | CWE-90 | 8.2 | - | 2026-03-25 |
| CVE-2026-33749 | n8n Vulnerable to XSS via Binary Data Inline HTML Rendering — n8n | CWE-79 | 4.6 | - | 2026-03-25 |
| CVE-2026-33724 | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no — n8n | CWE-639 | 6.5 | - | 2026-03-25 |
| CVE-2026-33722 | n8n Has External Secrets Authorization Bypass in Credential Saving — n8n | CWE-863 | 5.3 | - | 2026-03-25 |
| CVE-2026-33720 | n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK — n8n | CWE-863 | 5.4 | - | 2026-03-25 |
| CVE-2026-33713 | n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression — n8n | CWE-89 | 8.8 | - | 2026-03-25 |
| CVE-2026-33696 | n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE — n8n | CWE-1321 | 8.8 | - | 2026-03-25 |
| CVE-2026-33665 | n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover — n8n | CWE-287 | 8.5 | - | 2026-03-25 |
| CVE-2026-33663 | n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition — n8n | CWE-639 | 6.5 | - | 2026-03-25 |
| CVE-2026-33660 | n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode — n8n | CWE-94 | 8.8 | - | 2026-03-25 |
| CVE-2026-27496 | n8n has In-Process Memory Disclosure in its Task Runner — n8n | CWE-908 | 6.5 | - | 2026-03-25 |
| CVE-2026-27498 | n8n has Arbitrary Command Execution via File Write and Git Operations — n8n | CWE-94 | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27578 | n8n Vulnerable to Stored XSS via Various Nodes — n8n | CWE-80 | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27577 | n8n: Expression Sandbox Escape Leads to RCE — n8n | CWE-94 | 9.9 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27497 | n8n has Potential Remote Code Execution via Merge Node — n8n | CWE-94 | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27495 | n8n has a Sandbox Escape in its JavaScript Task Runner — n8n | CWE-94 | 8.5 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27494 | n8n has Arbitrary File Read via Python Code Node Sandbox Escape — n8n | CWE-497 | 9.9 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27493 | n8n has Unauthenticated Expression Evaluation via Form Node — n8n | CWE-94 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-25631 | Domain allowlist bypass enables credential exfiltration — n8n | CWE-20 | 6.5 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-21893 | n8n Vulnerable to Command Injection in Community Package Installation — n8n | CWE-78 | 7.2 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25115 | n8n is vulnerable to Python sandbox escape — n8n | CWE-693 | 9.9 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-25056 | n8n Arbitrary File Write leading to RCE in n8n Merge Node — n8n | CWE-434 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25055 | n8n Arbitrary File Write on Remote Systems via SSH Node — n8n | CWE-22 | 10.0 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-25054 | n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI — n8n | CWE-80 | 5.4 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-25053 | n8n is Vulnerable to OS Command Injection in Git Node — n8n | CWE-78 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25052 | n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users — n8n | CWE-367 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25051 | n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS — n8n | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2025-61917 | n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner — n8n | CWE-668 | 7.7 | High | 2026-02-04 |
| CVE-2026-25049 | n8n Has an Expression Escape Vulnerability Leading to RCE — n8n | CWE-913 | 9.9 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2025-68949 | n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching — n8n | CWE-134 | 5.3 | Medium | 2026-01-13 |

This page lists every published CVE security advisory associated with n8n-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.