CVE-2026-27496

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVE-2026-27496

CVE-2026-27496 (n8n) affects the open-source workflow automation platform n8n prior to versions 1.123.22, 2.9.3, and 2.10.1. An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers, which may contain residua...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via 'js-task-runner.ts'. An attacker can expose residual data from the Node.js process, including secrets or tokens, by creating or modifying workflows that allocate uninitialized buffers when Task Runners...

n8n has In-Process Memory Disclosure in its Task Runner

Impact An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens —...

CVE-2026-27495

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...

n8n has a Sandbox Escape in its JavaScript Task Runner

Impact An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners default runner mode, this could result in full compromise...

PT-2026-22030

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description n8n is an open source workflow automation platform. A flaw exists in the JavaScript Task Runner sandbox, potentially allowing an authenticated...