89 matches found
@elizaos/plugin-n8n-workflow (>=1.0.1 <=1.0.2), @n8n/ai-workflow-builder (>=1.10.0 <=1.20.1) +10 more potentially affected by CVE-2026-44792 via @n8n/api-types (>=1.0.0-rc.0 <=1.20.0)
@n8n/api-types NPM version =1.0.0-rc.0, =1.0.1, =1.10.0, =1.19.0, =1.0.0, =1.3.0, =1.0.0, =1.19.0, =1.0.0, =2.0.0, =2.19.0, =2.19.0, =0.0.1, =0.0.3 Source cves: CVE-2026-44792 Source advisory: SNYK:JS-N8NAPITYPES-16726403...
CVE-2026-42234
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...
CVE-2026-42234
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...
CVE-2026-42234 n8n: Python Task Runner Sandbox Escape
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...
CVE-2026-42234
CVE-2026-42234 affects n8n, an open‑source workflow automation platform. Before versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user who can create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container....
CVE-2026-42234 n8n: Python Task Runner Sandbox Escape
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...
EUVD-2026-27109
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...
n8n 代码注入漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...
PT-2026-36904
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...
n8n has a Python Task Runner Sandbox Escape Vulnerability
Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...
GHSA-44V6-JHGM-P3M4 n8n has a Python Task Runner Sandbox Escape Vulnerability
Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...
CVE-2026-27496
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...
CVE-2026-27496
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...
CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...
CVE-2026-27496
CVE-2026-27496 (n8n) affects the open-source workflow automation platform n8n prior to versions 1.123.22, 2.9.3, and 2.10.1. An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers, which may contain residua...
CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...
CVE-2026-27496
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...
CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...
EUVD-2026-15938
n8n has In-Process Memory Disclosure in its Task Runner...
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via 'js-task-runner.ts'. An attacker can expose residual data from the Node.js process, including secrets or tokens, by creating or modifying workflows that allocate uninitialized buffers when Task Runners...