CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVE-2026-27496

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVE-2026-27577

CVE-2026-27577 concerns n8n’s expression evaluation in workflow parameters, enabling remote code execution when an authenticated user with workflow edit rights crafts expressions. The issue is the expression sandbox escape leading to unintended host command execution. Affected releases are before...

CVE-2026-27497

CVE-2026-27497 is connected to the n8n advisory GHSA-WXX7-MCGF-J869, which documents a remote code execution risk in the Merge node when used in SQL query mode. An authenticated user with permission to create or modify workflows can cause arbitrary code execution and write files on the n8n server...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability stemmed from defects in the JavaScript Task Runner sandbox, which could allow authenticated users with...