CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

Vulnrichment•added 2026/03/25 5:7 p.m.•2 views

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

7.1CVSS5.8AI score0.00262EPSS

Exploits0References3

ATTACKERKB•added 2026/03/25 5:7 p.m.•2 views

CVE-2026-27496

7.1CVSS5.8AI score0.00262EPSS

Exploits0References4Affected Software1

OSV•added 2026/03/25 5:7 p.m.•5 views

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

7.1CVSS5.8AI score0.00262EPSS

Exploits0References5

CVE•added 2026/03/25 5:7 p.m.•29 views

CVE-2026-27496

CVE-2026-27496 (n8n) affects the open-source workflow automation platform n8n prior to versions 1.123.22, 2.9.3, and 2.10.1. An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers, which may contain residua...

7.1CVSS5.8AI score0.00262EPSS

Exploits0References3Affected Software1

Snyk•added 2026/03/25 5:0 p.m.•4 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via 'js-task-runner.ts'. An attacker can expose residual data from the Node.js process, including secrets or tokens, by creating or modifying workflows that allocate uninitialized buffers when Task Runners...

7.1CVSS5.9AI score0.00262EPSS

Exploits0References2

OSV•added 2026/03/25 5:0 p.m.•1 views

GHSA-XVH5-5QG4-X9QP n8n has In-Process Memory Disclosure in its Task Runner

Impact An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens —...

7.1CVSS5.8AI score0.00262EPSS

Exploits0References5

Github Security Blog•added 2026/03/25 5:0 p.m.•5 views

n8n has In-Process Memory Disclosure in its Task Runner

7.1CVSS5.7AI score0.00262EPSS

Exploits0References5Affected Software1

EUVD•added 2026/03/25 5:0 p.m.•2 views

EUVD-2026-15938

n8n has In-Process Memory Disclosure in its Task Runner...

7.1CVSS5.8AI score0.00262EPSS

Exploits0References3

CNNVD•added 2026/03/25 12:0 a.m.•5 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.22, 2.9.3, and 2.10.1 contained security vulnerabilities. These vulnerabilities stemmed from the JavaScript Task Runner’s ability to allocate uninitialized memory buffers, which could lead to...

7.1CVSS5.8AI score0.00262EPSS

Exploits0References4

Positive Technologies•added 2026/03/25 12:0 a.m.•4 views

PT-2026-28072

7.1CVSS5.8AI score0.00262EPSS

Exploits0References4

RedhatCVE•added 2026/02/26 10:34 p.m.•4 views

CVE-2026-27495

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...

9.9CVSS6.1AI score0.00596EPSS

Exploits0References1

ATTACKERKB•added 2026/02/25 10:10 p.m.•2 views

CVE-2026-27495

9.9CVSS6.2AI score0.00596EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/02/25 10:10 p.m.•3 views

CVE-2026-27495 n8n has a Sandbox Escape in its JavaScript Task Runner

9.4CVSS6.1AI score0.00596EPSS

Exploits0References5

Cvelist•added 2026/02/25 10:10 p.m.•22 views

CVE-2026-27495 n8n has a Sandbox Escape in its JavaScript Task Runner

9.4CVSS0.00596EPSS

Exploits0References5

CVE•added 2026/02/25 10:10 p.m.•11 views

CVE-2026-27495

CVE-2026-27495 affects n8n, an open-source workflow automation platform. Before versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandb...

9.9CVSS6.1AI score0.00596EPSS

Exploits0References5Affected Software1

OSV•added 2026/02/25 10:10 p.m.•4 views

CVE-2026-27495 n8n has a Sandbox Escape in its JavaScript Task Runner

9.4CVSS6.2AI score0.00596EPSS

Exploits0References7

EUVD•added 2026/02/25 9:23 p.m.•4 views

EUVD-2026-8758

n8n has a Sandbox Escape in its JavaScript Task Runner...

9.4CVSS5.3AI score0.00596EPSS

Exploits0References5

Snyk•added 2026/02/25 9:23 p.m.•5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround This vulnerability can be mitigated b...

9.9CVSS6.3AI score0.00596EPSS

Exploits0References2

Github Security Blog•added 2026/02/25 9:23 p.m.•9 views

n8n has a Sandbox Escape in its JavaScript Task Runner

Impact An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners default runner mode, this could result in full compromise...

9.9CVSS6AI score0.00596EPSS

Exploits0References7Affected Software1

OSV•added 2026/02/25 9:23 p.m.•6 views

GHSA-JJPJ-P2WH-QF23 n8n has a Sandbox Escape in its JavaScript Task Runner

9.4CVSS6.2AI score0.00596EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by