EUVD-2026-27113
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
CVE-2026-42235 n8n: XSS via MCP OAuth client
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...
CVE-2026-33751
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...
LDAP Injection
Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to LDAP Injection via the LDAP node's filter escape. An attacker can retrieve unauthorized LDAP records or bypass authentication checks by injecting specially crafted input into LDAP search parameters...
CVE-2026-33724
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
CVE-2026-27495
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
CVE-2026-27577 n8n: Expression Sandbox Escape Leads to RCE
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...
Arbitrary Code Injection
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Arbitrary Code Injection via the expression evaluation system. An attacker can execute arbitrary system commands by crafting malicious expressions in workflow parameters. Notes: 1 This is only...
n8n Workflow Automation Remote Configuration / Admin Data Extraction
This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...
Improper Input Validation
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Improper Input Validation via the credential domain validation process. An attacker can access sensitive credentials by sending requests to unintended domains using wildcard domain patterns in...
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +260 more potentially affected by CVE-2026-25055 via n8n-workflow (>=2.0.0 <=2.3.1)
n8n-workflow NPM version =2.0.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-25055 Source advisory: SNYK:JS-N8NWORKFLOW-15220690...
@0xlimao/n8n-nodes-ethereum (=0.1.1), @adhiraj2486/n8n-nodes-vigorus (=1.0.8) +699 more potentially affected by CVE-2026-25055 via n8n-workflow (>=1.0.0 <=1.120.4)
n8n-workflow NPM version =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.5.2, =1.0.1, =1.0.0, =0.1.1, =0.1.4 - @arwinho/n8n-nodes-oxxa =0.1.0 - @avisaapp/n8n-nodes-avisaapp =0.1.0 - @bergetai/n8n-nodes-all =1.1.0 and more Source cves: CVE-2026-25055 Source advisory: SNYK:JS-N8NWORKFLOW-15220690...
Directory Traversal
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Directory Traversal via the SSH node when workflows process uploaded files and transfer them to remote servers without validating their metadata. An attacker can write files to unintended...
GHSA-QPQ4-PW7F-PP8W n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI
Impact: A Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +258 more potentially affected by CVE-2025-68613 +1 more via n8n-workflow (>=2.0.0-rc.0 <=2.3.0)
n8n-workflow NPM version =2.0.0-rc.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2025-68613, CVE-2026-25049 Source advisory: SNYK:JS-N8NWORKFLOW-15219713...
Improper Control of Dynamically-Managed Code Resources
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An attacker can execute arbitrary code with the privileges of the underlying process by...
CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...
@0xlimao/n8n-nodes-ethereum (=0.1.1), @adhiraj2486/n8n-nodes-vigorus (=1.0.8) +699 more potentially affected by CVE-2026-1470 via n8n-workflow (>=1.0.0 <=1.120.6)
n8n-workflow NPM version =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.5.2, =1.0.1, =1.0.0, =0.1.1, =0.1.4 - @arwinho/n8n-nodes-oxxa =0.1.0 - @avisaapp/n8n-nodes-avisaapp =0.1.0 - @bergetai/n8n-nodes-all =1.1.0 and more Source cves: CVE-2026-1470 Source advisory: SNYK:JS-N8NWORKFLOW-15118125...
@n8n/ai-workflow-builder (=1.5.0), @n8n/api-types (=1.5.0) +10 more potentially affected by CVE-2026-1470 via n8n-workflow (=2.5.0)
n8n-workflow NPM version =2.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on n8n-workflow and may be impacted: - @n8n/ai-workflow-builder =1.5.0 - @n8n/api-types =1.5.0 - @n8n/backend-common =1.5.0 - @n8n/backend-test-utils =1.5.0 - @n8n/db =1.5.0 -...
Eval Injection
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Eval Injection during the Expression evaluation workflow. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not...