Lucene search
K

18 matches found

NVD
NVD
added 3 hours ago4 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS
Exploits0References3
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-42613

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/23 5:16 p.m.7 views

CVE-2026-44789

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques...

9.9CVSS0.00632EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 3:52 p.m.38 views

CVE-2026-44789

Summary (CVE-2026-44789, n8n): An authenticated user with permission to create/modify workflows can trigger global prototype pollution via an unvalidated pagination parameter in the HTTP Request node, potentially enabling remote code execution on the n8n host. Affected versions: before 1.123.43, ...

9.9CVSS6.1AI score0.00632EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/14 4:17 p.m.7 views

GHSA-C8XV-5998-G76H n8n: HTTP Request Node Pagination Prototype Pollution to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. Patches The issue has been fixed in n8n...

9.4CVSS5.8AI score0.00632EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/14 4:17 p.m.12 views

n8n: HTTP Request Node Pagination Prototype Pollution to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. Patches The issue has been fixed in n8n...

9.9CVSS5.8AI score0.00632EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.14 views

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

8.8CVSS5.8AI score0.023EPSS
Exploits1References3Affected Software2
NVD
NVD
added 2026/03/10 10:16 p.m.7 views

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

8.8CVSS0.023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/08 1:22 a.m.7 views

CVE-2026-25631

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

6.5CVSS5.7AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 9:16 p.m.8 views

CVE-2026-25631

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

6.5CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 8:34 p.m.6 views

EUVD-2026-5569

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

5.3CVSS5.5AI score0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:34 p.m.4 views

CVE-2026-25631

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

5.3CVSS5.5AI score0.00275EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/06 8:34 p.m.20 views

CVE-2026-25631

The CVE-2026-25631 entry concerns n8n’s HTTP Request node credential domain validation. The vulnerability allows an authenticated attacker to send requests with credentials to unintended domains, potentially exfiltrating credentials. It specifically affects users with wildcard domain patterns lik...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/06 8:34 p.m.31 views

CVE-2026-25631 Domain allowlist bypass enables credential exfiltration

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

5.3CVSS0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.10 views

n8n 输入验证错误漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Prior to version 1.121.0, there was a vulnerability related to input validation errors in n8n. This vulnerability stemmed from improper validation of credentials in the HTTP Request node, allowing authenticated attackers t...

6.5CVSS6AI score0.00275EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 8:33 p.m.3 views

GHSA-2XCX-75H9-VR9H n8n's domain allowlist bypass enables credential exfiltration

Impact A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only might affect user who have credentials that use wildcard domain...

5.3CVSS5.5AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-6656

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.121.0 Description n8n is a workflow automation platform. A flaw in the HTTP Request node’s credential domain validation could allow an authenticated attacker to send requests with credentials to unintended domains,...

5.3CVSS5.5AI score0.00275EPSS
Exploits0References7
Rows per page
Query Builder