CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

CVE-2026-21858 n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

CVE-2026-21858 n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

CVE-2026-21858 n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the Stripe Trigger node that does not verify incoming webhook requests against Stripe webhook signing secret. An attacker with valid webhook URL can execute unauthorized...

GHSA-JF52-3F2H-H9J5 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were n...

n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were n...

Improper Validation of Specified Type of Input

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input that is passed to the handleFormData function. An attacker can gain unauthorized access to files on the underlying server by requests with unexpected...

EUVD-2026-1187

n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling...

n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system...

Improper Validation of Specified Type of Input

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input that is passed to the handleFormData function. An attacker can gain unauthorized access to files on the underlying server by requests with unexpected...

GHSA-V4PR-FM98-W9PG n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system...

CVE-2026-21856

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...

CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...

CVE-2026-21856

CVE-2026-21856 affects the Tarkov Data Manager. A time-based blind SQL injection existed in the webhook edit and scanner API endpoints prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, allowing an authenticated attacker to execute arbitrary SQL queries against the MySQL database. A patch ...

CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...

EUVD-2026-1401

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...

CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...

CVE-2026-0656

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...